Spam Archive opening FTP service December 4

Saint Aardvark writes "The FTP archives for spamarchive.org will be opening on December 4, according to this Wired article. But there already appear to be some archives available." I tried saving my spam for awhile just for giggles, but seeing that file grow to 100+ megs made me so angry I had to delete it. Currently getting ~200 spam every day, and now often they attach images so they are 100k+. Yay Internet!

Yay Internet ?

[Rykky]

It's not the net's fault. Blame (or shoot) the spammer's.

Re:Yay Internet ?

[Cheese+Cracker]

It's not the net's fault. Blame (or shoot) the spammer's.

Well, some people ask for it by using their personal email account for signing up on sites, posting on usenet etc. Use an email account for these purposes, and the personal email account for friends and family. I don't receive any spam on my personal email account. :)

Re:Yay Internet ?

[LinuxHam]

Some of us have been on Usenet since long before that meant we were "asking for it". That damage can't be undone.

Re:Yay Internet ?

[Cheese+Cracker]

Some of us have been on Usenet since long before that meant we were "asking for it". That damage can't be undone.

It's not that hard to change email address... ;)

Re:Yay Internet ?

You're right, its not. My problem is that I have moved 4 times, meaning 4 street addresses and phone numbers, and changed cell phones 3 times just in the period of time that I've had my current email address. I enjoy hearing from old friends who only have that email address, so if I change it, they will be lost forever. I also hear from contracting companies who have an old version of my resume (that I actually sent to them :) ), so work still comes looking for me even though I don't need it.

Now that I have Bogofilter working, I'm down to maybe 3 a day getting through, so I'm pretty much holding to my credo: make the computer do the work. I'm not bugged or loaded down with spam. It's pretty much automatic here.

Re:Yay Internet ?

[DThorne]

You've been lucky. I setup an email for my girlfriend that has, literally, not been used - ever. I started checking it for her on a whim and sure enough, at least twice a week she gets spam. This isn't msn or hotmail - it's on rogers.com!

DT

Re:Yay Internet ?

It is when your business cards have your email address on them.
Maybe when you get out of school and have to start working/networking with other people you'll understand :-)

Re:Yay Internet ?

Well, there's one sollution :
Let the recipient decide on a fee to paid by the sender after the mail has been received... (not to hign of course avoid any abuses)... Let them spammers think twice about spamming

Re:Yay Internet ?

[RubberDuckie]

"Asking for it"? I'm not posting to alt.spam.me, so I'm not "asking for it". Yes, posting to usenet makes it more likely I'll get spam - and that's a shame.

Re:Yay Internet ?

[kNIGits]

Even though my wife doesn't send email to usenet, belongs to no mailing lists, and doesn't sign up for any web services, she still gets spammed to hell.

Why? A clueless friend of hers keeps filling out those "recommend this page to a friend" forms on unscrupulous websites. Even though we know may know better, most people don't.

Re:Yay Internet ?

[Alphtoo]

".... That damage can't be undone." Um, might I suggest that, in such cases, one might do well to change his/her username?

Re:Yay Internet ?

As I already said to the person who posted a similar reply a day before yours, I have reasons for wanting to keep the same email address that I've had for years. More importantly, by using the Bayesian spam catcher Bogofilter, I'm hardly bothered by spam. Maybe 3 or 4 a day get through. So no, I don't need to change my email address.

I wonder

[Woogiemonger]

Wouldn't this spam archive be a form of free advertising?

Re:I wonder

[paschimghat]

Absolutely. At any rate I fail to understant what all the hoo ha is about. This is about freedom. Abuse of freedom is an inevitable other side of the coin. All snailmail boxes in North America are full of spam mail. The bloody thing keeps postal workers and printers in business. It's enterpreneurship. Ignore it, destroy it if you can't stand it and get on with life outside spam.

Re:I wonder

[Woogiemonger]

Ignore it, destroy it if you can't stand it and get on with life outside spam.

Wait just a second there. I hate spam! Don't assume I'm a spam supporter like that. I think there should be Federal laws where people can't send you advertising unless you signed for it..and not just some warranty registration card or fine print on a receipt. You should have to fill out a paper form asking a company to send you its advertising. Maybe there should be companies to send you info from a specified number of companies for a certain type of product, for a specified time. However, if I get woken up by a telemarketing call, or not receiving mail because my mailbox is full of spam.. I get really disturbed. I hope this spam archive is unsuccessful, so people are forced to support laws outright against spam. Or, if they have to allow it, you should have to send your address and a way to easily contact you along with your advertising.

Re:I wonder

[RetroGeek]

Ignore it, destroy it if you can't stand it and get on with life outside spam.

I have a filter that finds the spam, and replies to it (using a trash basket return email address) with the body saying something like "go away, no one wants this nor read this".

If the reply address is a bogus email address, then the ISP response of no valid email address is deleted. If I get one to the trash basket it is deleted.

Ok, sure it increases TCP traffic, but it sends it back to the source. If we ALL did this, then the senders of spam would get, well, spammed.

Re:I wonder

Hey, watch out for copyright infringement ...

Re:I wonder

[doomdog]

I have a filter that finds the spam, and replies to it

Please don't do this. In the great majority of cases, the From: and Reply-To: addresses are faked. Spammers don't _want_ you to reply to them. They want you to click on the links they provide in the email itself, or have you reply to a separate email address embedded in the spam...

By sending replies to spam, you are just adding another burden to mail systems and aren't accomplishing anything... Really, you're not.

Oh, and those few cases where your reply to the spam doesn't bounce? Those are usually sent to some poor schmuck who had the misfortune of having his email address misappropriated by the spammers to use as a From: address...

Re:I wonder

I think it a great idea. The more people are annoyed, the more something might be done about it.

And if it pisses off the open mail sites, greate!

just wondering

[psyklopz]

who actually gets loads of spam every day?
I get about 3 per day (3 too many!)
You always hear about these poor suckers getting 200 or so a day, but how many of us actrually have to put up with that much stuff? If I got that much, I'd just switch email accounts, cos I just wouldn't put up with it.
I'm not defending spam here, but I'm just kinda curious how much people actually do get on average.

Re:just wondering

The only place I used to get "spam" was on AOL and at hotmail. I have a hotpop address right now and the only ads I receive are for Ebates and Compgeeks, which I get because I shop with both. So I guess it isn't UCE, it is just CE and doesn't neccessarily qualify as spam. Plus, its only like 2 a week from each.

Re:just wondering

[Evil+Adrian]

I get about 5-7 per day, on average. Not 200, but to have to get rid of 5-7 messages per day (and report them to spamcop) is very, very irritating.

No one should have to abandon an e-mail address because of unsolicited e-mail, especially (as in my case) if they've had their account for five years, and all of their friends and relatives know it...

Re:just wondering

[picz]

Who gets most spam?

People with public e-mail addresses do. Try writing a few usenet articles and have your e-mail address on a web site and wait for the spam to emerge.

Thank God for SpamAssassin

Re:just wondering

[C14L]

If people put their email adress all over the web, its no wonder. I just use some service like spamgourmet.com if I need an email address to subscribe somewhere and use a webform if you wanna contact me like C14L.com/mail. I've got no problem with spam.

Re:just wondering

[aallan]

who actually gets loads of spam every day? I get about 3 per day (3 too many!). You always hear about these poor suckers getting 200 or so a day, but how many of us actrually have to put up with that much stuff?

According to my filter logs I'm currently getting between 100 and 150 spam messages a day, I'm currently using RBL and SpamAssassin to filter my inbox so I usually only see 2 or 3 a week out of this total. Its still annoying though,

Just because you don't get any spam, doesn't mean everybody else isn't geting any...

If I got that much, I'd just switch email accounts, cos I just wouldn't put up with it.

Some people just don't have that option, you can't change your work email address, I know I certainly can't change mine...

Al.

Re:just wondering

[bluGill]

I typically get 20-30 per day. Often more than the useful email I get.

I am a firm beliver that if people really want to contact me I should not make it hard for them. I have had a few people who I did not know contact me that really should have contacted me. It doesn't happen often.

I'm also looking for a job, posting my resume with contact information uped the number of spams I get. At least the porn is outnumbered by other types of messages now, but that isn't saying much.

Re:just wondering

[awakened+tech]

I have 3 personal account ranging from 3 to 6 years old and I get around 50 spams per day. Can't really switch as I still get around 10-20 legitimate mails per week from those accounts. All I want is a bit of software that does the following: 1. When a mail arrives it compare its header to known sources of spam and takes appropriate action 2. adds a button to the tool bar in outlook (and preferably outlook express and evolution for when I'm at home) that allows me to submit the header from the current mail to the global known spam list If someone wrote that they would undoubtably make a packet! I feel a delphi/kylix project coming on ;o)

Re:just wondering

[lesburn1]

at my last job I used to get 75 spams a day.
(and 50 all-user internal email's to reply to a
direct question)
but at home I get 0.
it almost makes me feel un-loved.

Re:just wondering

[Azzmodan]

Try SpamNet it does something like that, only works for Outlook 2000/XP at the moment but they say outlook express support will come soon. It generates some sort of hash from the email and compares it to its database of known spam, you can also block spam that it did not filter so it filters it next time.

Re:just wondering

[melonman]

I can't say I've ever bothered to count, but I probably get 10 or so a day. I have a dozen or so domains that give my email address as the contact, my various email addresses are plastered over several longstanding websites, I've posted a few things on usenet and all my friends have had viruses that have emailed my address to every other computer on the planet, so I would expect to be a prime target for spam.

On the other hand, the addresses are hosted on our own (leased) machines, so I would be surprised (and liable to sue) if my ISP was selling my addresses to anyone.

I have noticed that customers using webmail, especially Hotmail, get huge quantities of spam, but this seems inevitable to me.

I'd say deleting spams takes me 30 seconds a day, top whack.

Re:just wondering

[rtstyk]

I get about 30 per day. And that's with trying to be really careful about to whom I give my address, but over the 5 years I had this work address, things accumulate. I have to say that the amount of spam have not been rising linearly. It's the last year or two that this has risen to such level.

One of the worst things is posting on mailing lists and then having your address on archives and all the mirrors of these archives. I stopped subscribing to some mailing lists because it was just too obvious of an exposure.

Re:just wondering

[Kashif+Shaikh]

Before shutting down my hotmail account, I was getting an average of 20 spam emails a day with the highest level of spam protection(I had another 20 spams in my junk box). It's like getting mail bombed, 'cause you only have 2megs with hotmail.

But the best way to eliminate spam? Don't ever use your email address to fill any form on the internet for some company located in china. I have two other email accounts and get virtually nill spam. I have only been recently getting spam on my yahoo account(1.5 spam every 2 days), but that's because I said "fuck it, I need to dl this software and I need to get the serial emailed to me".

Re:just wondering

[mt2mb4me]

Well, I have the same one for 2 years, i first let my relatives know not to send me crap, and i get no spam, at one time, i was getting spam from one vendor, i called the 800 number and i stopped getting stuff from them. also, this is the e-mail address availble here, and also the address on my online resume.

Re:just wondering

[LinuxHam]

I'm still training my Bogofilter, so I'm down to about 3 getting through a day. I just checked my spam dumping ground to answer your question, and I found 141 sitting there from the last 4 days.

I went with the "assume Bogofilter is right" configuration. When a new email is determined to be spam, it is indexed by Bogofilter and dumped in the spam folder. If not, it indexes the msg as "non-spam" and dumps it in my inbox. I have to save the spam that got through to a new "isspam" folder and occasionally force Bogofilter to re-index messages in that folder as spam.

Re:just wondering

[Matts]

Switching accounts isn't always that easy. My name is Matt Sergeant, and my email address is matt@sergeant.org. I'm just not changing that because someone who lives in a million dollar home thinks my address is his public shit can.

Luckily my job is detecting spam (I'm a SpamAssassin developer too), so I'm actually quite happy to get my address harvested loads of times :-) Bring it on, spammers.

But yes, I get lots of spam. About 100 a day. Not including mailing list subscriptions I get about 5 to 10 regular pieces of email a day. That's a hell of a ratio.

Re:just wondering

[IamTheRealMike]

Please please please setup Vipuls Razor - that we can all benefit from the spamminess of your account!

Re:just wondering

[anthony_dipierro]

who actually gets loads of spam every day?

I got 34 so far today. All filtered, though, into my spam folder.

Re:just wondering

[Fweeky]

I get 20-30 a day. I've long since stopped bothering hiding my email address -- maybe 2 get through every week, and I can handle hitting Shift-S to move them to Mail/SPAM-Unfiltered.

When SpamAssassin 2.5X arrives with it's baynesien filter I'll shove them through it. Hopefully it'll push the sucess rate high enough so that when I'm getting 200/day I won't be getting 20 missed a week :)

Re:just wondering

Actually, IBM has had an Intranet form for a few years where you can change the short version of your name, which is used for (among other things) your Internet email address. Too much spam? Fill out this webform, and get a new shortname. When email bounces to your old id, someone will call you if they really need to reach you.

And don't forget to order new business cards :)

Re:just wondering

[Openadvocate]

I used to get about 15 spam mails everyday. Then I activated some of the open relay checks and it did get 14 of them.
These days I no longer get any mails from open relays. From time to time I do see a spam mail, it mostly comes from someone abusing a proxy/cache server via the CONNECT method.

Re:just wondering

[1u3hr]

I need to get the serial emailed to me

sneakemail

Re:just wondering

[Desert+Raven]

If people put their email adress all over the web, its no wonder.

Well, it's nice that you don't need to. But, there are quite a few of us that do business on the 'net, who need to post an email address for potential customers to use to contact us. Yes, I could use a web form instead, but frankly, that's just a good way to cut down on your customer base. I *hate* it when that's the only way I can contact someone to ask a question. I figure I can't be the only one.

I use three RBLs, which average 150 blocks per day (high for the month was 326 in a single day). Spamassassin knocks out maybe 20 spam a day more. Two more per day make it through the filters to my inbox. Unfortunately, I can't just /dev/null the ones spamassassin traps, since every now and again it traps a good one.

Since I started composing this reply, spamassassin trapped two more spam messages, and one slimed it's way into my inbox.

Re:just wondering

[rednaxel]

As many slashdotters, I have several e-mail accounts. One of them, in a major ISP, occurs to have as username my first name (it was available at the time, I'm not so young). Well, this one is simply trashed, with 100+ spams per day. The spammers are making listings of name@isp.com at random, trying several 'name' combinations (like john, johnb, bjohn, and so on). Then repeat all the list for each major ISP and voilá, a enourmous list is created. After a few rounds of spam you know which ones are valid.

Re:just wondering

[schon]

who actually gets loads of spam every day?

After filtering, I get about 10-20 spams per day.

I just checked my RBL filters on my mailserver - so far this week, they have blocked 4155. (no, that is not an extra '5' at the end - my mail server has blocked over four thousand pieces of spam in the past 5 days.) Now, this number isn't just my account, but includes everyone in this 16-person office.

Spam is a problem.

Re:just wondering

[Micah]

I have several websites at different domains, with a public address @most of them. But I only get maybe 5 to 10 a day combined. The sites have been up over a year (most of them) but none are horribly popular. :(

Still, I think I'm gonna set up ORBS and/or SPEWS on my server in the not-too-distant future, and maybe some firewall rules. I don't even want to admit those evil packets to the server.

Re:just wondering

[miu]

I get about 25 or so a day to my work account. My email made a lot of lists because of internal lists that were sold. This means that the scum sending me email are somethimes able to make them look like legitimate internal mail that I cannot just delete.

There are spam filters on the exchange servers at work, but they are very crude.

Why is this slashback?

[hydrofi]

Is the poster's comprehension of time a bit twisted?

200 spam per day?

[Jucius+Maximus]

Man, what do you do to get all this? I haven't gotten that many in my life to my main account.

Really, all you need to do is manage your address properly from the beginning, don't do obvious spam-lure tactics with it, use sneakemail/other aliasing and you're set.

Seriously ... in the last year, maybe 3 total spams have come to my main address. (They're all the same spam too. Something about skin care. Weird.)

Re:200 spam per day?

[Spoing]

If manage a domain, you will get one to your contact address (usually hostmaster@your.domain) and also sales@, webmaster@, and a few other garbage addresses.

Having said that, I get ~10 spams a day to these bogus accounts per domain name -- not 100.

Re:200 spam per day?

[Jucius+Maximus]

" If manage a domain, you will get one to your contact address (usually hostmaster@your.domain) and also sales@, webmaster@, and a few other garbage addresses. Having said that, I get ~10 spams a day to these bogus accounts per domain name -- not 100."

Interesting. I do manage two domains, one is almost 1 year old and one is 2 months old. At both of them I have admin@, abuse@, postmaster@, webmaster@, etc I never get spam in any of them. Am I somehow blessed?

Re:200 spam per day?

[Huogo]

I get webmaster, and I've gotten the odd spam to hr, telling me that I just hired an incompitent person (wtf, when did I start running a buisness?).

Re:200 spam per day?

I've had one domain since time immemorial, that is about 1995. It gets about 45 spams a day. Newer domains get less, but eventually it adds up. Most of the spam has bogus addresses.

I'm using procmail to filter about 98% of the crap, with no false positives. It works better than spam assassin, which only kills about 92%.

Re:200 spam per day?

[anthony_dipierro]

If manage a domain, you will get one to your contact address (usually hostmaster@your.domain) and also sales@, webmaster@, and a few other garbage addresses.

That's why I block those accounts.

Re:200 spam per day?

[LinuxHam]

That's why I block those accounts

I know its a throwback to the days of yore, but those accounts are required to accept mail per RFC 2142 (scroll down to #5). In this world of total non-compliance, lets offer a moment of silence in memory of how the Internet was *intended* to run. :)

Re:200 spam per day?

[anthony_dipierro]

In this world of total non-compliance, lets offer a moment of silence in memory of how the Internet was *intended* to run. :)

Certainly not by fiat of the Internet Mail Consortium. The SMTP protocol (redundant, I know) sucks. That's why we get so much spam. The protocol wasn't written with spammers in mind. I'm certainly going to do everything in my power as an administrator to make it better, which unfortunately isn't very much.

Re:200 spam per day?

[clarkie.mg]

what do you do to get all this?

Easy :

1. Put your email not encrypted on your web page (or on other web pages).

2. Type your email on every site where they offer you "free" downloads, pictures or jokes in your mailbox.

3. Use your main email in newsgroups.

4. Read or "preview" the spam messages while connected to the net with an email client that can read html, javascript and download pictures. That way, your email is activated and gets much more spammed (I tested this and I got 10 to 20 messages with an activated email and 1 to 4 with an unactivated one.)

5. Sell your email to advertisers who promise to send you interesting ads. In fact they just resell it ! I also tested this and you get ... 100 to 200 spams DAILY with this !

6. Use some crappy webmail like hotmail (hotmerde as I call it) where either they send your email or there are so many users that spammers can send messages to anything@hotmail.com .

Other ideas ?

Re:200 spam per day?

[duncf]

Really, all you need to do is manage your address properly from the beginning, don't do obvious spam-lure tactics with it, use sneakemail/other aliasing and you're set.

Ah... I remember the days when I tried to avoid spam.... Now I collect it!

SpamAssassin

Re:200 spam per day?

[Spoing]

Late response...sorry. One of my domains has been around for about 5+ years, the others for 3+. The new spam lists might not gather those addresses. Mine might be grandfathered in; since they were added to some list(s) before, I'll get spam on those accounts forever.

Sigh

[Evil+Adrian]

I think the idea behind their site is nice, but I also think that more and more, people are realizing that the only way to really effectively block spam is to use whitelists -- no fancy schmancy algorithm is going to block spam for long.

It's a shame, because I'm pretty sure that ceaseless, unrelenting, brutal torture of known spammers would be equally effective, but is unfortunately illegal.

Re:Sigh

[sheriff_p]

That's just not true. Are you using any filtering mechanisms? I'm going to assume you are, because otherwise you'd be posting just to hear yourself type.

So which are you using? And what's wrong with them? I've tried both some custom filters using 'Bayesian' categorization and also used SpamAssassin. Both have proved *highly* effective? What is it you're doing wrong?

Re:Sigh

[m0i]

And even whitelists are not 100% reliable: new viruses/trojans may collect emails from addressbooks and send spam with the From field altered to appear like a friend of yours (likely to be in your addressbook..). Now even your friends will spam you! (or so it will seem).
As long as there's no M(ail)T(ransport)P(rotocol) which get rid of the overly S(implistic), without true authentication of the sender, we will get spam because email is public in the first place.
Maybe something like email cookies would be a first step in trying to establish a pseudo-authentication system.

Re:Sigh

[paranoos]

I agree that for home users, who receive legitimate emails only from a (comparitively) small group of friends and family, would benifeit the most from a whitelist filter. However, this would never work for corporations, where they might be receiving many inquiries about goods and services by email. Furthermore, these email addresses are openly published on the company website, thus making them a brighter target for spammers.

The best filter for anybody who maintains a website would be a Bayesian filter, where the mails are analysed, with a database of words contained in spam and non-spam emails. This way, legitimate Nigerian money laundering offers would not be blocked out, while the pr0n stuff goes to /dev/null. I don't receive much email, and I would say that spam might only make up for 25-33% of all the mail I receive, so I can't yet report on the success I've been having with this method, but I am using Bogofilter, an opensource project. You can find it on SF.net

Re:Sigh

Yeah, you need a whitelist which doesn't use their email address but instead have them configure YOUR email address so its like

"Your Name +keyword"(YourAddress@Whereever.com)

and make the keyword NoSpamPlease or something, and make NoSpamPlease the thing you filter on. Pick a word which will never be in a spam message - not too hard

Re:Sigh

Digitally signing a message with a private key would eliminate forged From fields. We just need to make it easy to do for the average e-mail user.

Re:Sigh

[Albanach]

We handle circa 10,000 emails a day. Not a huge amount, but probably the same as many small businesses. Spam makes up for a very small amount of our mail - certainly less than 5%, and probably less than 2% of my inbox. We take no measures other than checking open relays against ORDB and known spammers against the SBL at spamhaus.

In the last 24 hours, ordb has caught 200 attempts to connect, spamhaus has caught one.

I suspect that by using algorithims, we can reduce our spam even further. If more ISPs were to impliment spam filtering - even as an option - to the same extent as ours, a lot less would get through. If we can get the response rate from spam to drop from a quarter of one percent to maybe a tenth of that, we may start to get close to a position where spam actually becomes uneconomic. It's only by achieving that that we'll see the current volume of spam reduced.

Re:Sigh

I have to disagree. I belong to and post to numerous lists that are archived on the web, in addition to plenty of everyday mailing. I don't do anything stupid like putting my email address in a web form unless I'm sure of the company I'm giving it to (_not_ Monster), and I haven't received any spam in 3 years. It's really not a difficult concept, but most people are idiots.

Re:Sigh

[quacking+duck]

It's a shame, because I'm pretty sure that ceaseless, unrelenting, brutal torture of known spammers would be equally effective, but is unfortunately illegal.

Lure them to Nigeria first.

Re:Sigh

It's a shame, because I'm pretty sure that ceaseless, unrelenting, brutal torture of known spammers would be equally effective, but is unfortunately illegal.

In a jury system, something is only illegal if Most People(tm) agree that it should be illegal. Maybe we can fix that.

Let's all take an oath. If we ever find ourselves on the jury of someone who has found a spammer, brutally tortured him, murdered his family, burnt his dog, raped his house, etc... then *whatever* the other circumstances, we'll vote to acquit.

Now, just forward this idea to everyone in your address book, and pretty soon no spammer anywhere will be safe...

Re:Sigh

[nautical9]

I've tried both some custom filters using 'Bayesian' categorization and also used SpamAssassin. Both have proved *highly* effective?

I'm currently using SpamAssassin, and although it seems to properly identify 90% of spam, it still misses a bunch, and it even occasionally marks valid emails as spam, which is a BIG no-no in my books. It means I still have to swarm through every message looking for names I recognize, just in case I nuke an important email. (I've played around with a bunch of "levels" to set it at, but to get that number high enough to let 100% of the valid emails through, it seems to let more than 50% of the spam get through).

I haven't tried any of the Bayesian stuff (yet), but I imagine it'll have a similar hit-ratio.

The problem is that if your spam-filter blocks even ONE non-spam email, it's unacceptable.

As for the public DB of spam messages, I can't see it doing much if any good - all it will do is force spammers to completely personalize/randomize each mail they send out (move a bunch of words around, swap paragraphs, add nonsense tags everywhere), so no sort of quasi-CRC check or even fuzzy-algorithm'ed spam detector could recognize it.

I'm afraid the grandparent is right - whitelists are the only way to block as much spam as possible, while guaranteeing all valid emails get through.

(ps. I like the concept of having a daily, automatically generated .GIF file with some password in it that anyone wanting to get on your whitelist reads and types in - no need to have a "handshake" of sorts before they can send you email).

Re:Sigh

[berzerke]

...If we can get the response rate from spam to drop from a quarter of one percent to maybe a tenth of that, we may start to get close to a position where spam actually becomes uneconomic. It's only by achieving that that we'll see the current volume of spam reduced...

I've been kicking around an idea to reduce the response rate, but don't know how to implement it properly (yet!). My idea is to setup what *APPEARS* to be an open relay. Spammer will try to send their garbage through it, but NOTHING will actually get delivered. That's gotta cut the response rate way down (to zero), plus saving a lot inboxes. If the response rate goes low enough, it becomes uneconomical to send spam and the spammers find a new line of work.

Anyone have any pointers for a Postfix installation?

Re:Sigh

[Jippy_]

Pick a word which will never be in a spam message

A single word might not be enough. Maybe a few words might be best. Here are a few that for sure would never be in any spam message

"Want a smaller penis?"
"Gain 30 lbs NOW!"
"Work from home and make mediocre cash!"
"This is a pyramid scheme and you'd be a gullible fool for joining. Act now!"
"Hi, I'm the Prince of Nigeria, and I'm trying to screw you out of all your money."

Yeah, those should do it..

Re:Sigh

You would have to be careful that one of the busy-body places that goes around hammering mail servers for the blackhole lists doesn't find it, classify you as open, then block your entire netblock because of it. Don't try to tell them your plan, you are EVIL EVIL RUNNING AN OPEN RELAY.

My company had a non-open-relay mail server, but that didn't stop busybodies like ORBZ from hammering it with tests once a week to "make sure".

Re:Sigh

[LinuxHam]

I haven't tried any of the Bayesian stuff (yet), but I imagine it'll have a similar hit-ratio.

Actually, I just switched from my shell hoster's systemwide spam filter (no idea what it was, but it puts X-Spam-Warning in the header) to the Bogofilter Bayesian spam filter running only in my shell account. I planned ahead and saved up over 250 spam emails (and 590 non-spam) for its first day of training. After three weeks of catching 35 and missing about 4 spams a day, it *just* marked its first legit one as spam today -- HiltonHonors assumed I wanted HTML mail and never referenced my name after the To: line. Not that HTML mail is necessarily a trigger for everyone, but it is for me.

If your mail goes through a shell account somewhere along the way, I would definitely recommend trying it out. After using pine for so many years, I can visually scan hundreds of emails in my spam folder for known senders in less than a minute. Under a minute every few days is okay by me.

Re:Sigh

[stinky+wizzleteats]

I've personally had great success with bayesian filtering. With a training corpus of only about 1500 spams and 6000 good messages, not a single spam has made it through since running it. Fearing false positives, I'm doing all my filtering on the client. All procmail does is append a spamicity score to the message header, and the user can use that for filtering. Use of a spam folder will eliminate a totally blind false positive which would result from server side filtering. I have had a few false positives on order confirmations (which, considering that you would have already written down the order number and/or saved the html order result page, is probably spam anyway), but you're usually expecting these when they come, and can pick them out of the spam folder pretty readily.

All this brings up a very important benefit to this database - training bayesian filters. I only have 1500 spams. Bayesian filters get more accurate with respect to the size of their training corpi, effectively topping out at around 6000 messages, so being able to download a couple thousand spams from this ftp site would greatly help me train my filter.

Re:Sigh

[mlefevre]

that's trivially not true - I'm on mailing lists which discuss spam and messages from those lists often contain quotes from spam, but those mailing list messages are solicited and wanted.

if I was to pass what you've just posted on to a friend, that would contain all of those phrases, but wouldn't be spam.

if slashdot sent confirmation messages when someone posted something as some forums do, then the acknowledgement for the post you just made would get caught by such a filter.

not to say that filtering on those phrases is useless, but by the definition of "spam", it's not possible to get a content filter which is 100% guaranteed not cause false positives...

Re:Sigh

[Mike1024]

It's a shame, because I'm pretty sure that ceaseless, unrelenting, brutal torture of known spammers would be equally effective, but is unfortunately illegal.
--
---
evil adrian

You call yourself evil? You couldn't evil your way out of a paper bag. You're semi-evil. You're quasi-evil. You're the margarine of evil.You're the Diet Coke of evil, just one calorie, not evil enough.

Just my $0.02,

Michael

Re:Sigh

[vanyel]

...I also think that more and more, people are realizing that the only way to really effectively block spam is to use whitelists

In the long run, I think you're right, but thank the stars for spamassassin in the meantime! When I first installed it, about a year ago I think, it was blocking about 8000 message/month just to me! I checked earlier today for other reasons, and found it's grown to 13,000 blocked messages in the last month adding up to 116Meg. It's just f***ing insane. Unfortunately, the 4% it lets through adds up to over 500 messages in the last month, and it did manage to block 3 real messages, but it's still worth it...

Re:Sigh

[crisco]

Spammers confirm the functionality of open relays by sending test messages to themselves.

You could certainly escalate the smoke and mirrors by allowing a low rate of messages from a certain IP through while killing a higher rate. But spammers would escalate right back by automating the system of sending test email to themselves.

Besides, the true industrial grade spammers simply find connectivity that accommodates their practices instead of relying on open relays.

On the client side, Bayesian works for me. Well past 99% accuracy classifying a wide variety of email (not just spam vs non-spam) and of the false classifications very few of those are false positives.

Re:Sigh

[MrDemeanour]

My idea is to setup what *APPEARS* to be an open relay.

Check out Jackpot. It's a dedicated SMTP relay honeypot written in Java.
Mine ate spam addressed to about 25,000 distinct addresses last Sunday.
--
Jack.

Re:Sigh

[Puppet+Master]

I agree. Whitelists are the only way to go. Take a look at A-S-K (Active Spam Killer).
It works very well. A small Python script that checks incoming messages,
and if something within the message matches your whitelist, it delivers it.
Otherwise it sends the sender a message asking them to verify (one time only)
who they are before delivering the message.

I've used it for about 3 months now, and my spam has dropped from 175/day to 0...

Re:Sigh

[grahamsz]

Whitelists dont work.

I've determined that I have to whitelist my universities domain and my work domain since I cannot risk loosing an email from either - however many spammers now forge the from address so as to appear spamming from your own domain.

Re:Sigh

[berzerke]

... Spammers confirm the functionality of open relays by sending test messages to themselves...

Here, I would manually allow such messages to pass. I wouldn't forward any messages from orbs and a few more blackhole lists simply for fear of whole subnet blocking. Which is too bad. Gettting listed would attract more spammers to my trap.

Re:Sigh

"if I was to pass what you've just posted on to a friend, that would contain all of those phrases, but wouldn't be spam."

If you want "spam" (or what was once spam) from a friend, then you shouldn't really have an anti-spam filter - unless you know of a way for your filter to read your mind. If you can do that, then you're wasted on writing filters!

Re:Sigh

[piranha(jpl)]

If your mail goes through a shell account somewhere along the way, I would definitely recommend trying it out.

It would be better to say "if your mail can go through a shell account...". Remember that you can run fetchmail on nearly any arbitrary Unix system, having it download your POP messages, messaging it in whatever ways you want. It can then be configured to forward the resulting mail onto somewhere else, or the mail could be retrieved from that system via POP or IMAP, if the host is configured to run such a daemon. If you're feeling particularly fancy, you could also use FTP, rsync, scp, or any of the other billion ways to transfer files over the net.

I've been meaning to do this and some other stuff with my domain, thoughtcrime.us. Not full shell access, but enough for an end-user to configure their choice of SpamAssassin, Bogofilter, TMDA, or any combination of the above, through a web interface. "Real soon now." Really.

Best of...

[Shymon]

Maybe we'll get some of the more creative spamers to run a "best of spam" series. coming to a mailbox near you this holiday season.

Re:Best of...

[giminy]

May I make a nomination:

Date: Wed, 16 Oct 2002 13:21:29 -0700
From: Jasjit Fok
To: names remove to protect the innocent
Subject: Do you hava a problem with Spam?

* REMOVES
JUNK EMAIL
* BLOCKS
ADULT CONTENT
* STOPS UNWANTED NEWSLETTERS
* PROTECTS
FROM VIRUSES

Tired of junk email? Now there is a cure!

In just 5 minutes, you'll be getting only the email you want and you'll
shield yourself from all unwanted junk messages. With the leading spam
filtering software SpamCatchers, you will be able to also protect your
family from offensive messages and save valuable business time in your
office.

Simply the best at stopping spam for email programs like Outlook, Outlook
Express, Eudora, Netscape and many others, this must-have protection is
hassle-free and secure.

Go to SpamCatchers!

SPAMCATCHERS IS THE LEADER!
SpamCatchers is the most advanced and accurate content filtering software
on the market. It will protect your legitimate email messages, and it
updates all preinstalled filters automatically. Just install it and
forget it!

You will always have a clutter- and spam-free inbox! Spam email is
quarantined in SpamCatchers' Spamviewer folder where it is later deleted
automatically.

SpamCatchers also:
Monitors and filters multiple email accounts
Lets you easily create your own personal filters
Lets you decide which newsletters you want to receive or block
Updates automatically its filters

INSTALLING SPAMCATCHERS IS EASY, EVEN FOR A NOVICE COMPUTER USER!

THIS IS OUR SPECIAL INTRODUCTORY OFFER FOR YOU:

Put SpamCatchers to work for you - it's simply the easiest, fastest
and most powerful way to stop annoying, intrusive and time wasting email
messages. Order it now: starting $37. Satisfaction guaranteed!

Click here: SpamCatchers

Sincerely,
SpamCatchers Ltd.

__________________________________________________ ______________

You received this email because you signed up at TQM-Internet's website
or you signed up with a party that has contracted with TQM Internet
Direct (ref # 52417). To unsubscribe click here
www.tqm-internet.com/remove.htm. The products and/or services advertised
in this email are the sole responsibility of the advertiser, and
questions about this offer or its product or service content should be
directed to the advertiser. (C) 2002 TQM-Internet, Inc. All rights
reserved.

Re:Aha!

What sucks is that you'll get modded down. I bet every Canadian finds this hilarious. I know I do, but unfortunately, I'm not modding.

How about subscriptions?

[Zayin]

I think they should just go ahead and provide a subscription email service. That way, people can get the spam right in their inbox, instead of having to download it through ftp.

Re:How about subscriptions?

[tigress]

You are receiving this email because you opted-in to our mailinglist or visited one of our partners...

Re:How about subscriptions?

I think that's a great idea, so please everyone send your email addresses to me I'll forward the spam digest to you all.
no there is no need to thank me, I'm just a nice guy

Isn't this a dup as well ?

[jehreg]

Is there so little happening in the news, or did we hit some bizarre wormhole, and we are now going back in time ?

At this point, I think that in the last 2 days over 70% of the stories have been dups.

Re:Isn't this a dup as well ?

Say this with me.... Follow up.... F-O-L-L-O-W U-P... very good

Re:Isn't this a dup as well ?

[Pr0xY]

this is not a dup, the article you refer to spamarchive.org being opened, this article refers to them opening up an ftp service on december 4th...you should read more before you comment.

proxy

Re:Isn't this a dup as well ?

[ejeet]

At this point, I think that in the last 2 days over 70% of the COMMENTS have been "oh this is a dup".

Re:Isn't this a dup as well ?

[zozzi]

this is not a dup, the article you refer to spamarchive.org being opened, this article refers to them opening up an ftp service on december 4th...you should read more before you comment.

ah...just you wait till tomorrow and there you'll see it on the front page in all it's glory!

Re:Isn't this a dup as well ?

haha, yes, your comment is a dup and you should be lambasted as one.

Oh my! Is this comment a dup? How can that be?

I don't by any means

[Freston+Youseff]

know what SpamAssassin does, but what I do know is that it works marvelously. Occasionally, a rogue spam does make it into my inbox without being tagged. I wonder, will the opening of the Spam Archive be beneficial to the SpamAssassin developers, or does the SpamAssassin algorithm rely only on new stuff?

Re:I don't by any means

[odaiwai]

SpamAssassin is rule based and doesn't as yet use this new, dubios, spamarchive. It can use Vipul's Razor, however, as well as SPEWS, SpamCop, etc.

dave

Re:I don't by any means

[aallan]

SpamAssassin is rule based and doesn't as yet use this new, dubios, spamarchive. It can use Vipul's Razor, however, as well as SPEWS, SpamCop, etc.

But, err, SpamAssassin also uses Vipul's Razor to filter inbound mail if you ask it to...!?

Al.

Re:I don't by any means

[odaiwai]

Which is what I said. Do you have problems reading?

dave

Re:I don't by any means

I've heard of SpamAssassin, can you get it to use Vipul's Razor?

Dupe ?

[mirko]

Previous article about SpamArchive.ORG opening...

Don't save your spam!

[joostje]

I tried saving my spam for awhile just for giggles, but seeing that file grow to 100+ megs made me so angry I had to delete it.

Good thing too, it's probably illegal to save it anyway, as seen on slashdot today.

Re:Blah blah blah..

You fucken loser - it shows how much of a geek you are when you think that someone is bragging when they talk about how much spam they get.

So ...?

[Mr_Silver]

I tried saving my spam for awhile just for giggles, but seeing that file grow to 100+ megs made me so angry I had to delete it. Currently getting ~200 spam every day, and now often they attach images so they are 100k+. Yay Internet!

Awww. CmdrTaco has finally installed a filter.

First they get rid of Jon Katz, now CmdrTaco is filtering his emails - as soon as Timothy starts checking for dupes we'll have to start finding new ways to take the piss :o)

Best way to detect spam messages

[Pivot]

Come to think of it, the best way to detect spam messages would be to open tan email account at a public provider, say hotmail, and then see if any mail that comes to your regular email account, also is sent to the fake account.

The email to the fake account can be discarded in any case, so you don't get more junk email this way.

Re:Best way to detect spam messages

Better this:

- run your own mail server
- everytime you have to give someone your email, just create one. IE, for site XY.com create an email name that you can trace back to site XY.com
- redirect all your incoming mail to a hidden account you read
- now, if you receive spam, check to what email is sent to, and tah-dah...there you know which site spams you

(read somewhere some times ago, could be /.)

Only 200?

[nurb432]

I get that much on my PERSONAL account, and i also 'manage' spam for a 10K user base..

Somedays, ALL I get done is dealing with spam.

Too bad we cant bill them back for my salary, and lost network resources, like we can do for un-requested faxes.

And arrest them for sending porn with out verifying a person's age. Around here, you would be either fined ( bookstore ) or arrested ( individual ) for trying such a stunt in 'real life'.

Re:Only 200?

[edgrale]

And arrest them for sending porn with out verifying a person's age.

I just got an idea, it might involve a fine/arrest/punishment on the person who does it. But it could be the push for starting a conversation in the media and on important news channels:

Start printing porn spam that you get and send it in an envelope to your senator/congressman or whoever is represententing you and send one to the media. It would be one way to try to get them to understand the problem. Put the porn letter in an envelope and put the envlope in a new envelope with an attachment that says that it could have been a child that opened the letter (warnt them that the envelope inside contains 21+ material). One would also need to state that this is going on daily on the internet and that children also receive these kind of SPAM e-mails.

It could also backfire and make them demand more control over the internet...

Re:Only 200?

[tconnors]

Too bad we cant bill them back for my salary, and lost network resources, like we can do for un-requested faxes.

And arrest them for sending porn with out verifying a person's age. Around here, you would be either fined ( bookstore ) or arrested ( individual ) for trying such a stunt in 'real life'.


Hmm, interesting problem: If you come to Australia, and break a law, and then go back to America, we can requst to get you extradited to Australia, right (not that the American government would comply)?

Similarly, if Australia passes a law banning some forms of spam (as we saw earlier, we would have to kick out Loser Alston first), and you send spam, using *my* resources, break *our* laws, physically in *our* country (the electrons are passing through my server that is under my desk), then can we not request extradition?

Bring back hanging, I say.

Re:Only 200?

[minusthink]

"It could also backfire and make them demand more control over the internet..."

what do you mean backfire?
more control is exactly what you're asking for.

Re:Only 200?

[anthony_dipierro]

What exactly do you do to manage spam for the 10K user base? Seems like whoever is paying you is wasting their money, since you can't even stop spam from coming to your own personal account.

Re:Only 200?

[nurb432]

Personal account is just that, not work related.

I do block my spam from hitting my personal desktop, however i keep track of the sheer # that i get, just for reference.

Even if i dont SEE them they are still a network resource drain.

Re:Only 200?

[anthony_dipierro]

Even if i dont SEE them they are still a network resource drain.

Oh pulease. $0.0000001 per email? That's a whole $0.00002 a day! Give me a break.

You didn't answer what your job is, so I can't further attack your job as useless (and not the fault of the spammer).

Re:Only 200?

[nurb432]

And no, i wont on an open forum.

I would like to see how you come up with taht figure however, as that is WAY too low.

Re:Only 200?

[anthony_dipierro]

Nah, you won't back up your lies, so I won't back up mine... Err... Something like that.

Re:Only 200?

Do you have ANY idea how much extradition proceedings cost? If you started extraditing spammers, your economy would be crushed under the weight of the legal costs.

Do they need donations?

[justanumber]

I have hundreds to spare..

Is this to provide a amusement to future anthropologists and social historians?

Re:Do they need donations?

This would be useful to grade school English teachers too. ;)

Spammers attack archives with copyright threats

[Richard+W.M.+Jones]

As reported in Ask Slashdot (but it didn't make it to the front page), the Great Spam Archive (est. about 3 years ago) has just received a threat of legal action from a spammer over, of all things, copyright infringement.

Rich.

Re:Spammers attack archives with copyright threats

[rakerman]

All your spam are belong to us.

Re:Spammers attack archives with copyright threats

[von+Prufer]

Hi. I notice that you have posted for the world to see a copy of my tremendous offer that I sent to everyone in the world so that they could see how easy it is to enlarge your penis.

Unfortunately, this is copyrighted.

I know what you are saying - if I sent it to everyone why should I care if you post it for everyone to see? I mean, yes, great advertising!

It works the same way as the bible, though. Sure, you can buy the holy book and just about everyone has it since everyone in this blessed country is of the faith. But if you were to post it online, thanks to Disney and other defenders of the meek, God would sue you and probably condemn you to eternal damnation.

Who wants that?

So I recommend that you pay me large sums of money to help compensate for the money I have lost due to your I-do-things-against-God compaign. We will then both be happy!

Re:Spammers attack archives with copyright threats

[PD]

Fuck that. Anything that arrives unsolicited in the mail is considered a gift.

No dupe.. follow up

[Diabolical]

This is no dupe, it's a followup on a previous story

Erm

[Fembot]

"Currently getting ~200 spam every day, and now often they attach images so they are 100k+. Yay Internet!"

Nope thats actualy whats known as a Pr0n mailing list :-)

Allready been done

[burts_here]

They allredy did this once, its located at www.hotmail.com

Re:just wondering (Verio=spam)

[hoggoth]

(Raises hand)

I do. Let's check. This morning I have:
30 spams that are not directly addressed to me,
130 spams that are directly addressed to my Verio email address,
5 spams addressed directly to my personal address.

Hmmm so I think I know what the problem is.
Verio sold my email address to every spam-merchant in the world.

whitelists?

I wonder...

If (or when) everybody starts using whitelists, could we not recieve spam like viruses - from friends?
E.g., your friend sending you an email promoting this very special swedish p-enlarger, and without you noticing, your user-friendly Outlook has forwarded this mail to all your friends!

Or would that - finally - be illegal?

It doesn't take that much time

[mrneutron]

I also manage email for 10,000+ users. And I do a lot more than that; it simply does not take that much time if you handle things properly.

For corporate-wide spam blocking, sendmail has some great spam filtering features via DNS Black Lists (dnsbl). I use spamhaus.org and relays.osirusoft.com.

Add these lines to your sendmail.mc:

FEATURE(dnsbl, `sbl.spamhaus.org', `"550 Mail from " $&{client_addr} " rejected, see http://www.spamhaus.org/"')dnl

FEATURE(dnsbl, `relays.osirusoft.com', `"550 Mail from " $&{client_addr} " rejected, see http://relays.osirusoft.com"')dnl

There goes 90+% of the problem. After that, spamassassin handles the 10% that trickles through quite nicely.

If you don't use sendmail, all other modern mail relays can handle this problem in similar ways.

Re:It doesn't take that much time

[nurb432]

Unfortunetaly due to our setup i dont have as much control as is needed to really effectivly manage it, thus the amount of time i spend is MUCH higher then would normally be.

And it's not EVERY day i spend huge amounts.. but somedays it gets way out of hand. normally its much less.

Though personally i feel 1 minute is too much time.. it should not even be coming in the first place.

Re:It doesn't take that much time

[mrneutron]

Then it's time to deploy the right solution.

The time and money you invest in the sort term will be repaid many times over in the long term. Spammers will send less successful spam, which is a win for all of us. You & your users will be much happier, too.

Re:It doesn't take that much time

[Random+Walk]

These blacklists tend to block one or more complete C-class netblock(s) for each spammer, so you will loose most probably as much (or more) legitimate e-mail as with filtering by content.

Re:It doesn't take that much time

[Boss,+Pointy+Haired]

If the 10,000+ users you are talking about are individual paying customers of an ISP (you don't say in your post) then I trust you have consulted with management and customers before implementing this.

It is massively irresponsible of an ISP to decide what email their users get. SPEWS blocks a lot of non-SPAM email through their policy of targeting ISP's, not individual spammers, meaning your customers _could_ miss out on important email.

I'm not saying I have anything against SPEWS - they make it perfectly clear on their site that they hold an opinion and if you wish to share their opinion that's up to you; but I do have a problem with sysops that decide to go and implement this kind of blocking off their own backs without proper consultation.

Cheers,
PHB.

What about examples of legit mail?

[afinn]

If people are going to use this archive to automatically induce rules for recognising junk mail (e.g. using naive bayes or ripper), then they will also need at least as many examples of legitimate mail.
Of course it could be useful for evaluating classifiers built using smaller corpora.

Re:What about examples of legit mail?

[realnowhereman]

Nonsense. Novelty detection is a well established field in pattern recognition circles. Although these methods improve with the addition of abnormal examples as well as normal; there is no requirement for them.

They are often used in condition monitoring applications to detect faults in cases where the particular fault has never been seen before. The system's learn what is a working model and then shout when something falls outside those boundaries. Have a look at self organising maps and novelty detection in general

despammed.com

[neuph]

Go here. They provide free spam filtering and pop3 forwarding. They only put a small text advertisement at the bottom of each email..

Now does this make EVERY email you receive spam?

Regardless, it works. I have never received spam through their service.

Spam FTP site? Hooooray!!!

So far I've been restricted to only getting loads of spam every day, but now I can download some too!

Re:Blah blah blah..

[JTMON]

LOL....AC

Smarter Spammers

[akheron1]

Of course a blacklist like this will be better than an algorithm for the one reason that if everyone has access to this algorithm to filter their mail, then spammers could possibly just keep sending an e-mail to themself and having it be filtered by all of the different filter algorithms and changing it a bit each time until he/she has custom-tailored that spam to get through all of the filters

Re:Smarter Spammers

[beebware]

Unless there are people like me that only report spam to SpamArchive IF I feel like it. Therefore, just because a spam is in their archive that I reported, it doesn't necessarily mean it got past my filters: I might have delibertly let it through as I felt like reporting spam that day.

Not so fast...

[Raul654]

"I'm pretty sure that ceaseless, unrelenting, brutal torture of known spammers would be equally effective, but is unfortunately illegal."

...Remember - most of these spammers base their operations out of China. So what we could do is somehow convice them to go there (offer them something they cannot refuse - a week's worth of unlimited serverfarm and bandwidth usage or something like that). Once they are there, we can inform the government that several dozen Falun Gong supports are in country trying to insight rebellion. Then you will get your wish.

FTP? Why not Gopher???

Gopher would be perfect for this type of thing! Why on earth are they using FTP?

Foreign spam??

[Flamesplash]

What about all the Foreign spam out there that doesn't use standard ascii like the archive seems to contain?

Almost all of my spam is from taiwan or china and sadly enough yahoo mail doesn't provide any good way to filter this out when the messages have fake headers. If I could simply filter on something in the Received path then it would help, but all they allow you to do is the From address as far as where the message came from.

Re:Foreign spam??

[PigleT]

Filter on Charset headers instead?

I was going to post my .procmailrc entry here but slashdot censored it saying "too many junk characters". So you'll have to work it out for yourself based on Content-Type headers matching

charset="?(big5|ks_c_5601-1987|iso-2022-jp|euc-k r) "?
instead.

More to the point, you never want to filter based on Received: headers, unless you can safely say that e.g. *no-one* in Korea is ever going to want to contact you. Otherwise, grab the IP# listings from IANA and see what netblocks are assigned to APNIC and score them down in your mail processing rules.

For what it's worth, I've had a lot of success using Bayesian filters to identify dodgy-charset mails - both ifile and bogofilter do a great job.

Re:Foreign spam??

[befletch]

Almost all of my spam is from taiwan or china and sadly enough yahoo mail doesn't provide any good way to filter this out when the messages have fake headers.

I find Yahoo has decent spam filtering. Ok, more accurately, it lets you create your own decent filters. There is no statistical filtering or anything, unfortunately.

Let's say your email address is "spam_victim@y.c". In your first rule, run: "If subject contains 'spam_victim' move message to trash." That gets rid of all those "Special offer for spam_victim!" messages.

In your last rule, put "If To/CC does not contain spam_victim@y.c move message to trash." I.e. trash all Bcc'd messages. Most spam is delivered this way.

Now you just need to check your trash once in a while for legitimate mailing list subscriptions, and white-list the sender: "If From contains goodguy@example.com move message to inbox."

I get lots of spam at Yahoo, but this gets rid of 95% of it.

spam algorithm

1. wget spamarchive
2. grep emailaddresses spamarchive
3. mail emailaddresses
4. ???

You know the rest...

Re:spam algorithm

[mosschops]

I originally wondered/worried about this when reporting spam using SpamCop. After receiving an automated reply from another ISP, I could see my e-mail address had been removed from the original message.

I'd certainly hope spamarchive are doing the same thing!

Re:just wondering (Verio=spam)

[Yottabyte84]

google your verio address.

osirusoft.com can be overzealous

[__aanonl8035]

Are you sure you investigated exactly
what osirusoft does?
I fint it unfortunate that so many
administrators seem to put in osirusoft
as a blacklist without examing what it
does. Osirusoft combines the blackhole
listing of many many other blackhole
listings, one of which is unfortunately,
SPEWS. SPEWS in my opinion is
overzealous with blacklisting and it
is unfortunate that osirusoft includes
them in its list. To read more about
the problem, read this posting
here

here is a relavent quote...

ii. a grep on osirusoft - which yields about 1/2 the messages -
but.. when there's a false positive, there's a really good chance that
it's in this group - and of this class of false positives, there's a close
to 100% liklihood that it's SPEWS that's given the false positive

You can alos check out antispews.

Re:osirusoft.com can be overzealous

Why must you hit return every few words? It is really annoying to read.

Re:osirusoft.com can be overzealous

[anthony_dipierro]

I have osirusoft set as a +2 in spamassassin, and I haven't gotten a single false positive due to it. I wouldn't suggest blocking based on osirusoft alone, but it makes a nice addition to the other spamassassin rules.

Re:osirusoft.com can be overzealous

[__aanonl8035]

>>I wouldn't suggest blocking based on osirusoft alone

osirusoft is combining many many rbl. The problem I have with it is osirusoft just seems to include every rbl they can get a hold of. SPEWS specifically seems to generate a lot of false positives. This seems to be because they will block entire netblocks, the administrators can not be contacted, the list is closed, and efforts to try an contact the administrators of the list are often futile as exemplified here It would seem to me that just using one or two "quality" rbl would be just as effective.

Here are some relevant quotes from people posting about their SPEWS blacklisting problems.

"Hi, we are a law firm that bought from UUnet and it seems the last owners
of this IP block were spammer. We're not, can you please remove us."
"Every heard of due diligence? Thats what you get for buying from UUNet,
you'll get unlisted when they clean up all their spammers."

"Hi, we bought from some people who turned out to have a problem with
hosting some spammers, but we're locked into a 3 year contract. We're a
small shop without the money for lawyers to get out of it. We're not
spammers, could you please unblock this one piece of IP which is just us."
"Sorry, you have to change providers. They breached your contract by
failing to provide full internet access (since people are filtering them
based on our listing)"

Re:osirusoft.com can be overzealous

[anthony_dipierro]

SPEWS specifically seems to generate a lot of false positives. This seems to be because they will block entire netblocks, the administrators can not be contacted, the list is closed, and efforts to try an contact the administrators of the list are often futile as exemplified here

Yeah, but that's what I want for spamassassin. Statistically, as long as more than 50% of the email coming from IPs in SPEWS is spam, it should have a + weight in spamassassin. If I wanted to get fancy I could put each of the separate blacklists into spamassassin individually, and weight them accordingly. Then maybe SPEWS would only get +1 instead of being mixed in with a bunch of others and getting +2. But the way I have things set now already gives me no false positives and a high kill %. Maybe it's time for some DNS based whitelists. Then I can give them negative weights in spamassassin.

Re:osirusoft.com can be overzealous

For what it's worth, I was concerned about this too. DNSRBL's are "great" in that the connection gets dropped once it's determined to be blacklisted, so you don't have to blow bandwidth to bring the mail in and reject it. Unfortunately because of this you also don't get to read most of the envelope, so you can see the relay, but not who it was destined for.

I find, in business, that people are incredibly stupid. They send you email, it gets bounced back to them and they either never notice, ignore it, or go completely insane. So I'm very concerned with the false positive thing.

I know that if you get bounced, you get the cute message in the bounce saying what to do, but as I said that's no good if your loser clients can't read.

For example, on some blacklists are... verisign. I have my domains registered with verisign. It *really sucks* to not get your notices that it's time to renew (ask www.macslash.org). Also paypal are on some. I don't use paypal, but I recognize the fact that lots of people DO use paypal.

Consequently I've been somewhat conservative on the blacklisting, I use ORDB (http://www.ordb.org), and have had pretty good luck. Probably 95% of all the spam is dead, and I just have to deal with what still comes in.

Re:osirusoft.com can be overzealous

[Halo1]

SPEWS in my opinion is
overzealous with blacklisting and it
is unfortunate that osirusoft includes
them in its list.

SPEWS not in the first place a list to block spammers, but to block spamfriendly ISP's. Given that goal, they're not overzealous at all. It's true this regularly results in collateral damage, but since this is the only way "regular" people can do something against spam-supporting ISP's, the users of SPEWS accept these consequences.

Re:osirusoft.com can be overzealous

[__aanonl8035]

>>the users of SPEWS accept these consequences.

It is difficult to acertain what the majority of users of SPEWS know, but from searching through google it seems to my (albiet limited) knowledge that the users do no know the consequences.

Part of the problem seems to be administrators subscribe to osirusoft without the knowledge of how all the various blacklists aggregated under osirusoft work. osirusoft does not state boldly and in plain language how SPEWS works.

SPEWS has many class C's blocked when sometimes the spammer was only operating in a subnet of the class C. It does not even appear that their rational of blocking an ISP for hosting a spammer is quite valid, because they do not block all of the IP ranges of the ISP, they just block on a class C, by class C basis. I suspect the reason for this is because it is easy to block a class C, but not a subnet (because of the way decimal notation of IP ranges works)

It just does not seem like these mail administrators using osirusoft know that SPEWS is blocking class C's with the goal being that if enough innocent people are affected, then those innocent people will complain and get the spammer banned. Their tool for accomplishing this is blocking class C's

Re:osirusoft.com can be overzealous

[Halo1]

If the spammer has a subnet of a class C, most of the time they do start with blocking only the spammer. If however the ISP doesn't take any action, after a while this block is indeed expanded to the /24 in which the subnet lies. It has nothing to do with the ease of notation, it's just an escalation of the block if the ISP doesn't care about its spamming customers. I don't think they include class C's or bigger blocks from an ISP if they don't contain a single spammer. Of course, if an ISP is stupid enough to start moving around its spammers from one block to another...

I think the reason that osirusoft.com doesn't state explicitely how SPEWS works, is that it contains so many different blocking lists that explaining how each individual one works would be a lot of work. They do link to all the blocking lists they use though, where you can get this information. Using the information without informing yourself first is asking for trouble imho.

Re:osirusoft.com can be overzealous

[__aanonl8035]

>>Using the information without informing yourself first is asking for trouble imho.

I do believe that is the heart of the matter. I do not believe that many administrators are going through the effort of checking each and every rbl that is listed in osirusoft.

I believe that if many of these administrators knew that SPEWS policy was to escalate cases to cover entire class C ranges (whether or not all the subnets are spammers or not such as this case) thereby doing what is termed collateral damage... many of those administrators would not be subscribed to osirusoft (due to SPEWS)

Re:osirusoft.com can be overzealous

BS. SPEWS regularly starts at the class C level.

Also, the previous poster was correct -- maps in programs like Sendmail can't handle things like slash notation correctly. The IPs in the subnet need to be fed in one by one.

Cloudmark's SpamNet/Vipul's Razor-filter/reporting

[powerbooklinux]

Outlook users on Windoze can use Cloudmark's SpamNet, which does exactly that. They are working on a version for Outlook.
http://www.cloudmark.com/
Linux users can use Vipul's Razor:
http://razor.sourceforge.net/

an idea

[giminy]

patent this idea: authoring of commercially-oriented unsolicited email specifically formatted to defeat X antispam measure (like spamassassin say).

Another idea might be to protect spam utilities using the DMCA -- if you use it, you're not allowed to figure out how it works, and you're not allowed to circumvent its spam protection.

Thought I doubt either would work, it'd be ironic to use stupid laws for protection for a change.

Blame the Victim

[fmaxwell]

Well, some people ask for it by using their personal email account for signing up on sites, posting on usenet etc.

Yeah, like those rape victims that were asking for it by wearing short skirts.

Nobody 'asked for it'. Don't you even resent the fact that spammers have made it impossible to post on Usenet with a legitimate e-mail address? Doesn't it piss you off that you have to be paranoid if some less-computer-savvy friend tells some web site to mail an article to you or sends you an online greeting card? Don't you get annoyed that every e-mail address that you post, no matter for what reason, get spammed?

Blame the criminals, not the victims.

Re:Blame the Victim

[Cheese+Cracker]

Nobody 'asked for it'.

It was a figure of speech.

Don't you even resent the fact that spammers have made it impossible to post on Usenet with a legitimate e-mail address?

Of course I'm annoyed by it, but just like crime and terrorism, you have to adapt and try to avoid it. You wouldn't park your brand new car in a crime-infested neighborhood, right? You park it where you think it might be safe to park it.

Doesn't it piss you off that you have to be paranoid if some less-computer-savvy friend tells some web site to mail an article to you or sends you an online greeting card?

Maybe you should inform them about the risks or they need to learn it the hard way by getting you pissed. ;) It's like real life, you weren't born with the knowledge that running around naked in the snow would make you sick, or that having unsafe sex might give you a deadly disease... You learned that either by trial-and-error or by getting informed. Same applies to the internet.

Don't you get annoyed that every e-mail address that you post, no matter for what reason, get spammed?

That's why you shouldn't post with your private address, but with an address that you don't care much about.

Blame the criminals, not the victims.

Spammers won't go away, so you better start adapting your life on the net to avoid them. Sometimes you have to blame yourself, because after all... you put yourself in that situation.

Re:Blame the Victim

[fmaxwell]

That's why you shouldn't post with your private address, but with an address that you don't care much about.

So I should post my resumé with an e-mail address that I won't check because it will be spammed? Do you have any idea how ridiculous that sounds?

Spammers won't go away, so you better start adapting your life on the net to avoid them.

Start? I run my own mail server and do blacklist lookups against about a dozen spammer and country blacklists. I have sophisticated rule-based processing to find spam that makes its way through. I have autoresponders on retired addresses. I create new addresses for each firm with which I do business online. On web pages I create, I use javascript to disguise the e-mail link. That I should have to do that is absurd. And most people don't have the ability to do that.

Sometimes you have to blame yourself, because after all... you put yourself in that situation.

Bullshit! Some scumball spammer just tried to send e-mail to service@, sale@, tech@, faq@, webmaster@, hr@, sales@, and root@ my domain -- despite the fact that none of those addresses was ever published -- and most were not valid.

You are back to the same old blame-the-victim approach. If someone posts a for-sale ad on Usenet or posts a resumé using their own e-mail address, the person should not blame themselves when some scumball spams them. They should blame the spammer.

You said "spammers won't go away." Yes, they will, once there is effective legislation against spam. Do you get advertisements offering kiddie porn or heroin for sale? Probably not. The reason you don't is because selling those things is illegal. Make spam illegal and the problem will largely go away.

Re:Blame the Victim

Yeah, like those rape victims that were asking for it by wearing short skirts. When hunting lions it is unwise to dress as a gazelle because the chance you are going to get eaten is a lot greater. And the chance people will give you sympathy is a lot less.

Re:Blame the Victim

[fmaxwell]

When hunting lions it is unwise to dress as a gazelle because the chance you are going to get eaten is a lot greater. And the chance people will give you sympathy is a lot less.

I have sympathy for rape victims, regardless of how they dress. With that kind of caveman view of the world, it's no wonder you post anonymously.

Re:Blame the Victim

[miu]

Spammers won't go away, so you better start adapting your life on the net to avoid them. Sometimes you have to blame yourself, because after all... you put yourself in that situation.

Would you continue to hold this position if providers commonly added bandwidth caps?

Re:Blame the Victim

[mcjulio]

Every programmer who implemented an SMTP server because it was the way things were done, without ever giving a moment's thought to the fact that the design had a barndoor-sized authentication hole in it and needed to be reworked was asking for it.

There wouldn't even be a place for spam in the world if PKI-based whitelists (just digital signing, not even encryption) were an integral part of the design from the beginning. SMTP designers traded verifiability for convenience, and now we're reaping what they sowed.

Re:Blame the Victim

[fmaxwell]

Every programmer who implemented an SMTP server because it was the way things were done, without ever giving a moment's thought to the fact that the design had a barndoor-sized authentication hole in it and needed to be reworked was asking for it.

E-mail is about interoperability. It would do no good to have a proprietary mail server to which no other e-mail provider could communicate. Everyone in the world has thought about this but the e-mail protocols were created at a time when people on the net could be trusted. Now that they no longer can, we need legislation to enforce moral behavior -- just like we have laws in meatspace making it illegal to steal cars, mug people, or pick pockets.

No one was "asking for it" (in regards to spam) any more than a woman in a short skirt is asking to be raped.

There wouldn't even be a place for spam in the world if PKI-based whitelists (just digital signing, not even encryption) were an integral part of the design from the beginning.

So after I advertise my motorcycle for sale on Usenet, who will be replying? I need to know so that I can put them on my whitelist.

Re:Blame the Victim

[Cheese+Cracker]

Spammers won't go away, so you better start adapting your life on the net to avoid them. Sometimes you have to blame yourself, because after all... you put yourself in that situation.

Would you continue to hold this position if providers commonly added bandwidth caps?

Yes. As long as there are people who are willing to pay the spammers money to spam their message across the internet, spam will continue to exist. The professional spammers make millions of dollars each year on spamming... they can afford paying for the bandwidth. And laws won't make them stop either, because they'll just move their spamming business to some small country like Vanutu or Nauru, where the laws doesn't apply.

Yahoo

[Flamesplash]

hehe, I repeat. I use yahoo mail. Maybe that's my problem right there.

I did like it when I was using unix based mail and could procmail everything. *sigh*

When/if I get a newsystem maybe I'll leave my current one up as a permanent dedicated mail client.

They should ... [Re:spam algorithm]

[clarkie.mg]

They should encrypt all emails in their archive to ensure the archive is not used as a repository of addresses.

A message in the archive would have the following structure :

X-Apparently-To: SSS-PRIVATE@yahoo.com via 216.136.175.66; 08 Nov 2002 18:06:08 -0800 (PST)
Return-Path: <SSS-PRIVATE@genial.net>
Received: from 195.74.212.103 (EHLO wanadoo.be) (195.74.212.103) by mta509.mail.yahoo.com with SMTP; 08 Nov 2002 18:06:08 -0800 (PST)
Received: from serv08.segi.ulg.ac.be (serv08.segi.ulg.ac.be [139.165.32.77]) by wanadoo.be (8.12.2/8.12.2) with SMTP id gA91wwGL2171186 for <SSS-PRIVATE@wanadoo.be>; Sat, 9 Nov 2002 02:58:58 +0100 (MET)
Received: (qmail 5590 invoked by uid 504); 9 Nov 2002 02:59:18 +0100
Received: from SSS-PRIVATE@genial.net by serv08.segi.ulg.ac.be by uid 501 with qmail-scanner-1.10 (drwebspamassassin. Clear:0. Processed in 4.216042 secs); 09 Nov 2002 01:59:18 -0000
Received: from unknown (HELO syntime) ([139.165.199.145]) (envelope-sender <SSS-PRIVATE@genial.net>) by serv08.segi.ulg.ac.be (qmail-ldap-1.03) with SMTP for <SSS-PRIVATE@wanadoo.be>; 9 Nov 2002 02:59:14 +0100
Message-Id: <4.1.20021109025847.00956180@pop.swing.be>
X-Sender: SSS-PRIVATE@pop.swing.be
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Sat, 09 Nov 2002 02:59:16 +0100
To: SSS-PRIVATE@wanadoo.be
From: "egoossens" <SSS-PRIVATE@genial.net>
Subject: t
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01
Content-Length: 3

Where I have replaced every name before a @ with SSS-PRIVATE. What do you think ?

I wouldn't give my spam archive if my emails privacy was not protected.

Note this message is not a spam.

Filter your email

[woogieoogieboogie]

Currently getting ~200 spam every day, and now often they attach images so they are 100k+. Yay Internet!

It doesn't take a rocket scientist to learn how to block 99.99% of this crap.

1. Block any chinese domain.
2. Filter the keywords: sex, viagra, printer toner, extend, penis, enlargement, vitamin, from the subject line and block them.
3. Block anything with no subject or no sender.
4. Use software like http://www.mailwasher.net/ to manage your email.

Used to get 50 a day

On my older @usa.net account I would get 50+ spam messages a day. I closed it after they started charging more for their e-mail accounts. I now have a few e-mail accounts at my domain name for my website, and I get on average 10 a week. Mac OS X's Mail.app spam filter correctly sorts out the spam around 90% of the time, and I've only had one false positive. It's getting better as I use it. I'm happily impressed. my @lycos.com gets 0 spam. Zero. All spam effectively gets cut out by their spam filter and makes it into my junkmail box. (It's auto-deleted after a certain number of days, I don't know how many though.) I've been really impressed with the lycos.com mail, however. Best free mail I've found.

What should be done: Make spam sandwiches

[dagg]

I think someone should download the entire archive, print it all out onto "edible paper" (patent pending), and then stack it all into one giant spam sandwich. Add mustard as desired.

Just another use for spam (jaufs)

--
Your sex without spam

Who gets spam

[Lulu+of+the+Lotus-Ea]

I'm sure much leakage is because of underhanded ISPs, companies selling email, and the like.

But in my case--and many people's--the main problem is that I am a public personality. I do things where there is good reason to disclose my email address to strangers (in my case, because I am a writer). A lot of those strangers write me for very legitimate reasons, but obviously once an email is made public you cannot keep it to only the good guys.

It doesn't apply so much to me personally, but a similar situation is where email addresses are listed in directories--company, organizations, and so on. In those cases also, you need to publish your email to let legitimate correspondence contact you.

I've always been a little puzzled by the (somewhat naive) folks who think to answer the spam problem by hiding their email from everywhere it might leak. There are various tricks for doing this, false addresses, complex usernames, different accounts, etc. That only really works for people--typically college kids or younger--who never need to DO anything in the world. For the rest of us, hiding an email address would be like hiding our snailmail address from business contacts, because we might get junk mail from releasing it.

Is this your post?

[cebe]

While a handful of experts and analysts have applauded the project, the reaction in chat rooms and on weblogs has been muted.

"There's absolutely no reason to believe that the spams collected here will be any 'better' a sample than those collected by opening a random Hotmail account," read one posting on Slashdot.

If that's your comment, smile, you're in wired. Good to see such cynicism speaking for the whole :)

~200 a week.

I put up with it because everyone who knows me knows not to use my account from my ISP, and mainly, because I'm too damned lazy to get the ISP to kill off the e-mail account.

'sides, it's good for a laugh now and then, like when I get those 'legal highs' spams. Those're hillarious, I tell you.

Of course, on my 'real' account, I've decided to start forwarding any incoming spam to certain organizations. No, my friend, I most certainly did not sign up for Euro Farm Sex. :P

the reply-to opt-out option

[_outcat_]

This might be very slightly offtopic, given that we're talking about a spam archive here and not about the mechanics of spam itself, but I'm curious.

This story is about someone who tried a little experiment: she wanted to see if the "click here to unsubscribe" link in most spams REALLY worked. So she tried the link and got INUNDATED with MORE spam.

Anyone have experience with this? A friend of mine agrees--she says that hitting the "Unsubscribe" link just verifies that your address is in fact a real and active one.

I always thought that was bullshit, because spammers don't seem to care whether addresses work or not (see The Story of Nadine. Any comments?

--Theresa

Use this script to find out...

[EvilStein]

I found this script on the SpamAssassin mailing list. It's been pretty interesting to use.

I ran the script a few minutes ago on a machine that I host for a friend (web counter service, her websites/etc - she's been on the net for many years with her own domain/etc)

Total Messages...: 14950
Clean Messages...: 6413
Spam Messages....: 8537
Spam Percentage..: 57 percent

57% of the email out of nearly 15,000 emails in /var/log/mail are fucking SPAM!!!
That is *ridiculous*

This is with SpamAssassin, Razor, Pyzor, and several RBL lists in /etc/postfix/main.cf all running.

The spam still gets through. It sucks up bandwidth. It sucks up resources. It's really offensive sometimes. Spammers know there's no federal legislation in place to block them, so they go on their spammy ways.
Spammers are scum. They *do not care* that you don't want their spam.

Not impr tessed

If you look at them, it looks like the headers have been hand parsed. No doubt for privacy reasons. But for example, there are no RECEIVED headers, which even though often forged are needed to test RBL heuristics and many other DNS tests.

Each archive should tell you whether EVERY mail has been hand-verified to be spam. This is not clarified.

The archives are not "versioned". They should be, so if any of the corpuses need to be corrected, people know.

Overall it looks clumsily put together.

very annoying indeed...

[zonker]

agreed. in the past week i have gotten a few of these types of messages. they are not just designed to hide the spammers origin, but to also trip up filters. very annoying... fortunately popfile classifies them correctly though.

Just imagine...

[p_trinli]

...if all the thousands of man hours put into filtering, blacklists, etc., were spent creating and installing a new authenticating mail transport prococol. I know, I know, just like IPv6, it would take years to get everyone to switch over. But right now spam costs lots of money and is just plain annoying, and the situation doesn't seem to be improving much.

I say we go for it. Why not build in an easy-to-use encryption scheme too, so all the Carnivore/RIAA/etc crap won't work?

PLEASE STOP the free advertising for this company

Slashdot moderator(s), please kill any stories about this commercial anti-spam software company that is running a "trojan" site to get everyone to help improve their software for free.

Via internic, I found that the domain was registered by planetdomain. Via planetdomain, I found that the domain was registered by some guy who has an e-mail account at ciphertrust.com. Upon checking ciphertrust's website, I see that they offer a "secure e-mail gateway product that protects against spam".

Vic

Last Post!

[alpg]

Proposed Additions to the PDP-11 Instruction Set:

PI Punch Invalid
POPI Punch Operator Immediately
PVLC Punch Variable Length Card
RASC Read And Shred Card
RPM Read Programmers Mind
RSSC reduce speed, step carefully (for improved accuracy)
RTAB Rewind tape and break
RWDSK rewind disk
RWOC Read Writing On Card
SCRBL scribble to disk - faster than a write
SLC Search for Lost Chord
SPSW Scramble Program Status Word
SRSD Seek Record and Scar Disk
STROM Store in Read Only Memory
TDB Transfer and Drop Bit
WBT Water Binary Tree

- this post brought to you by the Automated Last Post Generator...