Spam Archive opening FTP service December 4

Saint Aardvark writes "The FTP archives for spamarchive.org will be opening on December 4, according to this Wired article. But there already appear to be some archives available." I tried saving my spam for awhile just for giggles, but seeing that file grow to 100+ megs made me so angry I had to delete it. Currently getting ~200 spam every day, and now often they attach images so they are 100k+. Yay Internet!

I wonder

[Woogiemonger]

Wouldn't this spam archive be a form of free advertising?

Re:I wonder

[paschimghat]

Absolutely. At any rate I fail to understant what all the hoo ha is about. This is about freedom. Abuse of freedom is an inevitable other side of the coin. All snailmail boxes in North America are full of spam mail. The bloody thing keeps postal workers and printers in business. It's enterpreneurship. Ignore it, destroy it if you can't stand it and get on with life outside spam.

Re:I wonder

[RetroGeek]

Ignore it, destroy it if you can't stand it and get on with life outside spam.

I have a filter that finds the spam, and replies to it (using a trash basket return email address) with the body saying something like "go away, no one wants this nor read this".

If the reply address is a bogus email address, then the ISP response of no valid email address is deleted. If I get one to the trash basket it is deleted.

Ok, sure it increases TCP traffic, but it sends it back to the source. If we ALL did this, then the senders of spam would get, well, spammed.

just wondering

[psyklopz]

who actually gets loads of spam every day?
I get about 3 per day (3 too many!)
You always hear about these poor suckers getting 200 or so a day, but how many of us actrually have to put up with that much stuff? If I got that much, I'd just switch email accounts, cos I just wouldn't put up with it.
I'm not defending spam here, but I'm just kinda curious how much people actually do get on average.

Re:just wondering

[Evil+Adrian]

I get about 5-7 per day, on average. Not 200, but to have to get rid of 5-7 messages per day (and report them to spamcop) is very, very irritating.

No one should have to abandon an e-mail address because of unsolicited e-mail, especially (as in my case) if they've had their account for five years, and all of their friends and relatives know it...

Re:just wondering

[picz]

Who gets most spam?

People with public e-mail addresses do. Try writing a few usenet articles and have your e-mail address on a web site and wait for the spam to emerge.

Thank God for SpamAssassin

Re:just wondering

[C14L]

If people put their email adress all over the web, its no wonder. I just use some service like spamgourmet.com if I need an email address to subscribe somewhere and use a webform if you wanna contact me like C14L.com/mail. I've got no problem with spam.

Re:just wondering

[aallan]

who actually gets loads of spam every day? I get about 3 per day (3 too many!). You always hear about these poor suckers getting 200 or so a day, but how many of us actrually have to put up with that much stuff?

According to my filter logs I'm currently getting between 100 and 150 spam messages a day, I'm currently using RBL and SpamAssassin to filter my inbox so I usually only see 2 or 3 a week out of this total. Its still annoying though,

Just because you don't get any spam, doesn't mean everybody else isn't geting any...

If I got that much, I'd just switch email accounts, cos I just wouldn't put up with it.

Some people just don't have that option, you can't change your work email address, I know I certainly can't change mine...

Al.

Re:just wondering

[bluGill]

I typically get 20-30 per day. Often more than the useful email I get.

I am a firm beliver that if people really want to contact me I should not make it hard for them. I have had a few people who I did not know contact me that really should have contacted me. It doesn't happen often.

I'm also looking for a job, posting my resume with contact information uped the number of spams I get. At least the porn is outnumbered by other types of messages now, but that isn't saying much.

Re:just wondering

[Azzmodan]

Try SpamNet it does something like that, only works for Outlook 2000/XP at the moment but they say outlook express support will come soon. It generates some sort of hash from the email and compares it to its database of known spam, you can also block spam that it did not filter so it filters it next time.

Re:just wondering

[melonman]

I can't say I've ever bothered to count, but I probably get 10 or so a day. I have a dozen or so domains that give my email address as the contact, my various email addresses are plastered over several longstanding websites, I've posted a few things on usenet and all my friends have had viruses that have emailed my address to every other computer on the planet, so I would expect to be a prime target for spam.

On the other hand, the addresses are hosted on our own (leased) machines, so I would be surprised (and liable to sue) if my ISP was selling my addresses to anyone.

I have noticed that customers using webmail, especially Hotmail, get huge quantities of spam, but this seems inevitable to me.

I'd say deleting spams takes me 30 seconds a day, top whack.

Re:just wondering

[LinuxHam]

I'm still training my Bogofilter, so I'm down to about 3 getting through a day. I just checked my spam dumping ground to answer your question, and I found 141 sitting there from the last 4 days.

I went with the "assume Bogofilter is right" configuration. When a new email is determined to be spam, it is indexed by Bogofilter and dumped in the spam folder. If not, it indexes the msg as "non-spam" and dumps it in my inbox. I have to save the spam that got through to a new "isspam" folder and occasionally force Bogofilter to re-index messages in that folder as spam.

Re:just wondering

[Matts]

Switching accounts isn't always that easy. My name is Matt Sergeant, and my email address is matt@sergeant.org. I'm just not changing that because someone who lives in a million dollar home thinks my address is his public shit can.

Luckily my job is detecting spam (I'm a SpamAssassin developer too), so I'm actually quite happy to get my address harvested loads of times :-) Bring it on, spammers.

But yes, I get lots of spam. About 100 a day. Not including mailing list subscriptions I get about 5 to 10 regular pieces of email a day. That's a hell of a ratio.

Re:just wondering

[IamTheRealMike]

Please please please setup Vipuls Razor - that we can all benefit from the spamminess of your account!

Re:just wondering

[anthony_dipierro]

who actually gets loads of spam every day?

I got 34 so far today. All filtered, though, into my spam folder.

Re:just wondering

[Fweeky]

I get 20-30 a day. I've long since stopped bothering hiding my email address -- maybe 2 get through every week, and I can handle hitting Shift-S to move them to Mail/SPAM-Unfiltered.

When SpamAssassin 2.5X arrives with it's baynesien filter I'll shove them through it. Hopefully it'll push the sucess rate high enough so that when I'm getting 200/day I won't be getting 20 missed a week :)

Re:just wondering

[Openadvocate]

I used to get about 15 spam mails everyday. Then I activated some of the open relay checks and it did get 14 of them.
These days I no longer get any mails from open relays. From time to time I do see a spam mail, it mostly comes from someone abusing a proxy/cache server via the CONNECT method.

Re:just wondering

[1u3hr]

I need to get the serial emailed to me

sneakemail

Re:just wondering

[Desert+Raven]

If people put their email adress all over the web, its no wonder.

Well, it's nice that you don't need to. But, there are quite a few of us that do business on the 'net, who need to post an email address for potential customers to use to contact us. Yes, I could use a web form instead, but frankly, that's just a good way to cut down on your customer base. I *hate* it when that's the only way I can contact someone to ask a question. I figure I can't be the only one.

I use three RBLs, which average 150 blocks per day (high for the month was 326 in a single day). Spamassassin knocks out maybe 20 spam a day more. Two more per day make it through the filters to my inbox. Unfortunately, I can't just /dev/null the ones spamassassin traps, since every now and again it traps a good one.

Since I started composing this reply, spamassassin trapped two more spam messages, and one slimed it's way into my inbox.

Re:just wondering

[rednaxel]

As many slashdotters, I have several e-mail accounts. One of them, in a major ISP, occurs to have as username my first name (it was available at the time, I'm not so young). Well, this one is simply trashed, with 100+ spams per day. The spammers are making listings of name@isp.com at random, trying several 'name' combinations (like john, johnb, bjohn, and so on). Then repeat all the list for each major ISP and voilá, a enourmous list is created. After a few rounds of spam you know which ones are valid.

Re:just wondering

[Micah]

I have several websites at different domains, with a public address @most of them. But I only get maybe 5 to 10 a day combined. The sites have been up over a year (most of them) but none are horribly popular. :(

Still, I think I'm gonna set up ORBS and/or SPEWS on my server in the not-too-distant future, and maybe some firewall rules. I don't even want to admit those evil packets to the server.

200 spam per day?

[Jucius+Maximus]

Man, what do you do to get all this? I haven't gotten that many in my life to my main account.

Really, all you need to do is manage your address properly from the beginning, don't do obvious spam-lure tactics with it, use sneakemail/other aliasing and you're set.

Seriously ... in the last year, maybe 3 total spams have come to my main address. (They're all the same spam too. Something about skin care. Weird.)

Re:200 spam per day?

[Spoing]

If manage a domain, you will get one to your contact address (usually hostmaster@your.domain) and also sales@, webmaster@, and a few other garbage addresses.

Having said that, I get ~10 spams a day to these bogus accounts per domain name -- not 100.

Re:200 spam per day?

[anthony_dipierro]

If manage a domain, you will get one to your contact address (usually hostmaster@your.domain) and also sales@, webmaster@, and a few other garbage addresses.

That's why I block those accounts.

Re:200 spam per day?

[LinuxHam]

That's why I block those accounts

I know its a throwback to the days of yore, but those accounts are required to accept mail per RFC 2142 (scroll down to #5). In this world of total non-compliance, lets offer a moment of silence in memory of how the Internet was *intended* to run. :)

Re:200 spam per day?

[clarkie.mg]

what do you do to get all this?

Easy :

1. Put your email not encrypted on your web page (or on other web pages).

2. Type your email on every site where they offer you "free" downloads, pictures or jokes in your mailbox.

3. Use your main email in newsgroups.

4. Read or "preview" the spam messages while connected to the net with an email client that can read html, javascript and download pictures. That way, your email is activated and gets much more spammed (I tested this and I got 10 to 20 messages with an activated email and 1 to 4 with an unactivated one.)

5. Sell your email to advertisers who promise to send you interesting ads. In fact they just resell it ! I also tested this and you get ... 100 to 200 spams DAILY with this !

6. Use some crappy webmail like hotmail (hotmerde as I call it) where either they send your email or there are so many users that spammers can send messages to anything@hotmail.com .

Other ideas ?

Sigh

[Evil+Adrian]

I think the idea behind their site is nice, but I also think that more and more, people are realizing that the only way to really effectively block spam is to use whitelists -- no fancy schmancy algorithm is going to block spam for long.

It's a shame, because I'm pretty sure that ceaseless, unrelenting, brutal torture of known spammers would be equally effective, but is unfortunately illegal.

Re:Sigh

[sheriff_p]

That's just not true. Are you using any filtering mechanisms? I'm going to assume you are, because otherwise you'd be posting just to hear yourself type.

So which are you using? And what's wrong with them? I've tried both some custom filters using 'Bayesian' categorization and also used SpamAssassin. Both have proved *highly* effective? What is it you're doing wrong?

Re:Sigh

[m0i]

And even whitelists are not 100% reliable: new viruses/trojans may collect emails from addressbooks and send spam with the From field altered to appear like a friend of yours (likely to be in your addressbook..). Now even your friends will spam you! (or so it will seem).
As long as there's no M(ail)T(ransport)P(rotocol) which get rid of the overly S(implistic), without true authentication of the sender, we will get spam because email is public in the first place.
Maybe something like email cookies would be a first step in trying to establish a pseudo-authentication system.

Re:Sigh

[paranoos]

I agree that for home users, who receive legitimate emails only from a (comparitively) small group of friends and family, would benifeit the most from a whitelist filter. However, this would never work for corporations, where they might be receiving many inquiries about goods and services by email. Furthermore, these email addresses are openly published on the company website, thus making them a brighter target for spammers.

The best filter for anybody who maintains a website would be a Bayesian filter, where the mails are analysed, with a database of words contained in spam and non-spam emails. This way, legitimate Nigerian money laundering offers would not be blocked out, while the pr0n stuff goes to /dev/null. I don't receive much email, and I would say that spam might only make up for 25-33% of all the mail I receive, so I can't yet report on the success I've been having with this method, but I am using Bogofilter, an opensource project. You can find it on SF.net

Re:Sigh

[Albanach]

We handle circa 10,000 emails a day. Not a huge amount, but probably the same as many small businesses. Spam makes up for a very small amount of our mail - certainly less than 5%, and probably less than 2% of my inbox. We take no measures other than checking open relays against ORDB and known spammers against the SBL at spamhaus.

In the last 24 hours, ordb has caught 200 attempts to connect, spamhaus has caught one.

I suspect that by using algorithims, we can reduce our spam even further. If more ISPs were to impliment spam filtering - even as an option - to the same extent as ours, a lot less would get through. If we can get the response rate from spam to drop from a quarter of one percent to maybe a tenth of that, we may start to get close to a position where spam actually becomes uneconomic. It's only by achieving that that we'll see the current volume of spam reduced.

Re:Sigh

[nautical9]

I've tried both some custom filters using 'Bayesian' categorization and also used SpamAssassin. Both have proved *highly* effective?

I'm currently using SpamAssassin, and although it seems to properly identify 90% of spam, it still misses a bunch, and it even occasionally marks valid emails as spam, which is a BIG no-no in my books. It means I still have to swarm through every message looking for names I recognize, just in case I nuke an important email. (I've played around with a bunch of "levels" to set it at, but to get that number high enough to let 100% of the valid emails through, it seems to let more than 50% of the spam get through).

I haven't tried any of the Bayesian stuff (yet), but I imagine it'll have a similar hit-ratio.

The problem is that if your spam-filter blocks even ONE non-spam email, it's unacceptable.

As for the public DB of spam messages, I can't see it doing much if any good - all it will do is force spammers to completely personalize/randomize each mail they send out (move a bunch of words around, swap paragraphs, add nonsense tags everywhere), so no sort of quasi-CRC check or even fuzzy-algorithm'ed spam detector could recognize it.

I'm afraid the grandparent is right - whitelists are the only way to block as much spam as possible, while guaranteeing all valid emails get through.

(ps. I like the concept of having a daily, automatically generated .GIF file with some password in it that anyone wanting to get on your whitelist reads and types in - no need to have a "handshake" of sorts before they can send you email).

Re:Sigh

[berzerke]

...If we can get the response rate from spam to drop from a quarter of one percent to maybe a tenth of that, we may start to get close to a position where spam actually becomes uneconomic. It's only by achieving that that we'll see the current volume of spam reduced...

I've been kicking around an idea to reduce the response rate, but don't know how to implement it properly (yet!). My idea is to setup what *APPEARS* to be an open relay. Spammer will try to send their garbage through it, but NOTHING will actually get delivered. That's gotta cut the response rate way down (to zero), plus saving a lot inboxes. If the response rate goes low enough, it becomes uneconomical to send spam and the spammers find a new line of work.

Anyone have any pointers for a Postfix installation?

Re:Sigh

[Jippy_]

Pick a word which will never be in a spam message

A single word might not be enough. Maybe a few words might be best. Here are a few that for sure would never be in any spam message

"Want a smaller penis?"
"Gain 30 lbs NOW!"
"Work from home and make mediocre cash!"
"This is a pyramid scheme and you'd be a gullible fool for joining. Act now!"
"Hi, I'm the Prince of Nigeria, and I'm trying to screw you out of all your money."

Yeah, those should do it..

Re:Sigh

[LinuxHam]

I haven't tried any of the Bayesian stuff (yet), but I imagine it'll have a similar hit-ratio.

Actually, I just switched from my shell hoster's systemwide spam filter (no idea what it was, but it puts X-Spam-Warning in the header) to the Bogofilter Bayesian spam filter running only in my shell account. I planned ahead and saved up over 250 spam emails (and 590 non-spam) for its first day of training. After three weeks of catching 35 and missing about 4 spams a day, it *just* marked its first legit one as spam today -- HiltonHonors assumed I wanted HTML mail and never referenced my name after the To: line. Not that HTML mail is necessarily a trigger for everyone, but it is for me.

If your mail goes through a shell account somewhere along the way, I would definitely recommend trying it out. After using pine for so many years, I can visually scan hundreds of emails in my spam folder for known senders in less than a minute. Under a minute every few days is okay by me.

Re:Sigh

[stinky+wizzleteats]

I've personally had great success with bayesian filtering. With a training corpus of only about 1500 spams and 6000 good messages, not a single spam has made it through since running it. Fearing false positives, I'm doing all my filtering on the client. All procmail does is append a spamicity score to the message header, and the user can use that for filtering. Use of a spam folder will eliminate a totally blind false positive which would result from server side filtering. I have had a few false positives on order confirmations (which, considering that you would have already written down the order number and/or saved the html order result page, is probably spam anyway), but you're usually expecting these when they come, and can pick them out of the spam folder pretty readily.

All this brings up a very important benefit to this database - training bayesian filters. I only have 1500 spams. Bayesian filters get more accurate with respect to the size of their training corpi, effectively topping out at around 6000 messages, so being able to download a couple thousand spams from this ftp site would greatly help me train my filter.

Re:Sigh

[vanyel]

...I also think that more and more, people are realizing that the only way to really effectively block spam is to use whitelists

In the long run, I think you're right, but thank the stars for spamassassin in the meantime! When I first installed it, about a year ago I think, it was blocking about 8000 message/month just to me! I checked earlier today for other reasons, and found it's grown to 13,000 blocked messages in the last month adding up to 116Meg. It's just f***ing insane. Unfortunately, the 4% it lets through adds up to over 500 messages in the last month, and it did manage to block 3 real messages, but it's still worth it...

Re:Sigh

[crisco]

Spammers confirm the functionality of open relays by sending test messages to themselves.

You could certainly escalate the smoke and mirrors by allowing a low rate of messages from a certain IP through while killing a higher rate. But spammers would escalate right back by automating the system of sending test email to themselves.

Besides, the true industrial grade spammers simply find connectivity that accommodates their practices instead of relying on open relays.

On the client side, Bayesian works for me. Well past 99% accuracy classifying a wide variety of email (not just spam vs non-spam) and of the false classifications very few of those are false positives.

Re:Sigh

[grahamsz]

Whitelists dont work.

I've determined that I have to whitelist my universities domain and my work domain since I cannot risk loosing an email from either - however many spammers now forge the from address so as to appear spamming from your own domain.

Re:Sigh

[berzerke]

... Spammers confirm the functionality of open relays by sending test messages to themselves...

Here, I would manually allow such messages to pass. I wouldn't forward any messages from orbs and a few more blackhole lists simply for fear of whole subnet blocking. Which is too bad. Gettting listed would attract more spammers to my trap.

Best of...

[Shymon]

Maybe we'll get some of the more creative spamers to run a "best of spam" series. coming to a mailbox near you this holiday season.

Re:Best of...

[giminy]

May I make a nomination:

Date: Wed, 16 Oct 2002 13:21:29 -0700
From: Jasjit Fok
To: names remove to protect the innocent
Subject: Do you hava a problem with Spam?

* REMOVES
JUNK EMAIL
* BLOCKS
ADULT CONTENT
* STOPS UNWANTED NEWSLETTERS
* PROTECTS
FROM VIRUSES

Tired of junk email? Now there is a cure!

In just 5 minutes, you'll be getting only the email you want and you'll
shield yourself from all unwanted junk messages. With the leading spam
filtering software SpamCatchers, you will be able to also protect your
family from offensive messages and save valuable business time in your
office.

Simply the best at stopping spam for email programs like Outlook, Outlook
Express, Eudora, Netscape and many others, this must-have protection is
hassle-free and secure.

Go to SpamCatchers!

SPAMCATCHERS IS THE LEADER!
SpamCatchers is the most advanced and accurate content filtering software
on the market. It will protect your legitimate email messages, and it
updates all preinstalled filters automatically. Just install it and
forget it!

You will always have a clutter- and spam-free inbox! Spam email is
quarantined in SpamCatchers' Spamviewer folder where it is later deleted
automatically.

SpamCatchers also:
Monitors and filters multiple email accounts
Lets you easily create your own personal filters
Lets you decide which newsletters you want to receive or block
Updates automatically its filters

INSTALLING SPAMCATCHERS IS EASY, EVEN FOR A NOVICE COMPUTER USER!

THIS IS OUR SPECIAL INTRODUCTORY OFFER FOR YOU:

Put SpamCatchers to work for you - it's simply the easiest, fastest
and most powerful way to stop annoying, intrusive and time wasting email
messages. Order it now: starting $37. Satisfaction guaranteed!

Click here: SpamCatchers

Sincerely,
SpamCatchers Ltd.

__________________________________________________ ______________

You received this email because you signed up at TQM-Internet's website
or you signed up with a party that has contracted with TQM Internet
Direct (ref # 52417). To unsubscribe click here
www.tqm-internet.com/remove.htm. The products and/or services advertised
in this email are the sole responsibility of the advertiser, and
questions about this offer or its product or service content should be
directed to the advertiser. (C) 2002 TQM-Internet, Inc. All rights
reserved.

How about subscriptions?

[Zayin]

I think they should just go ahead and provide a subscription email service. That way, people can get the spam right in their inbox, instead of having to download it through ftp.

So ...?

[Mr_Silver]

I tried saving my spam for awhile just for giggles, but seeing that file grow to 100+ megs made me so angry I had to delete it. Currently getting ~200 spam every day, and now often they attach images so they are 100k+. Yay Internet!

Awww. CmdrTaco has finally installed a filter.

First they get rid of Jon Katz, now CmdrTaco is filtering his emails - as soon as Timothy starts checking for dupes we'll have to start finding new ways to take the piss :o)

Best way to detect spam messages

[Pivot]

Come to think of it, the best way to detect spam messages would be to open tan email account at a public provider, say hotmail, and then see if any mail that comes to your regular email account, also is sent to the fake account.

The email to the fake account can be discarded in any case, so you don't get more junk email this way.

Only 200?

[nurb432]

I get that much on my PERSONAL account, and i also 'manage' spam for a 10K user base..

Somedays, ALL I get done is dealing with spam.

Too bad we cant bill them back for my salary, and lost network resources, like we can do for un-requested faxes.

And arrest them for sending porn with out verifying a person's age. Around here, you would be either fined ( bookstore ) or arrested ( individual ) for trying such a stunt in 'real life'.

Re:Only 200?

[edgrale]

And arrest them for sending porn with out verifying a person's age.

I just got an idea, it might involve a fine/arrest/punishment on the person who does it. But it could be the push for starting a conversation in the media and on important news channels:

Start printing porn spam that you get and send it in an envelope to your senator/congressman or whoever is represententing you and send one to the media. It would be one way to try to get them to understand the problem. Put the porn letter in an envelope and put the envlope in a new envelope with an attachment that says that it could have been a child that opened the letter (warnt them that the envelope inside contains 21+ material). One would also need to state that this is going on daily on the internet and that children also receive these kind of SPAM e-mails.

It could also backfire and make them demand more control over the internet...

Re:Only 200?

[tconnors]

Too bad we cant bill them back for my salary, and lost network resources, like we can do for un-requested faxes.

And arrest them for sending porn with out verifying a person's age. Around here, you would be either fined ( bookstore ) or arrested ( individual ) for trying such a stunt in 'real life'.


Hmm, interesting problem: If you come to Australia, and break a law, and then go back to America, we can requst to get you extradited to Australia, right (not that the American government would comply)?

Similarly, if Australia passes a law banning some forms of spam (as we saw earlier, we would have to kick out Loser Alston first), and you send spam, using *my* resources, break *our* laws, physically in *our* country (the electrons are passing through my server that is under my desk), then can we not request extradition?

Bring back hanging, I say.

Re:Only 200?

[minusthink]

"It could also backfire and make them demand more control over the internet..."

what do you mean backfire?
more control is exactly what you're asking for.

Re:Only 200?

[anthony_dipierro]

What exactly do you do to manage spam for the 10K user base? Seems like whoever is paying you is wasting their money, since you can't even stop spam from coming to your own personal account.

Re:Only 200?

[nurb432]

Personal account is just that, not work related.

I do block my spam from hitting my personal desktop, however i keep track of the sheer # that i get, just for reference.

Even if i dont SEE them they are still a network resource drain.

Re:Only 200?

[nurb432]

And no, i wont on an open forum.

I would like to see how you come up with taht figure however, as that is WAY too low.

Do they need donations?

[justanumber]

I have hundreds to spare..

Is this to provide a amusement to future anthropologists and social historians?

Spammers attack archives with copyright threats

[Richard+W.M.+Jones]

As reported in Ask Slashdot (but it didn't make it to the front page), the Great Spam Archive (est. about 3 years ago) has just received a threat of legal action from a spammer over, of all things, copyright infringement.

Rich.

Re:Spammers attack archives with copyright threats

[rakerman]

All your spam are belong to us.

Re:I don't by any means

[odaiwai]

SpamAssassin is rule based and doesn't as yet use this new, dubios, spamarchive. It can use Vipul's Razor, however, as well as SPEWS, SpamCop, etc.

dave

No dupe.. follow up

[Diabolical]

This is no dupe, it's a followup on a previous story

Erm

[Fembot]

"Currently getting ~200 spam every day, and now often they attach images so they are 100k+. Yay Internet!"

Nope thats actualy whats known as a Pr0n mailing list :-)

Re:I don't by any means

[aallan]

SpamAssassin is rule based and doesn't as yet use this new, dubios, spamarchive. It can use Vipul's Razor, however, as well as SPEWS, SpamCop, etc.

But, err, SpamAssassin also uses Vipul's Razor to filter inbound mail if you ask it to...!?

Al.

Allready been done

[burts_here]

They allredy did this once, its located at www.hotmail.com

Re:just wondering (Verio=spam)

[hoggoth]

(Raises hand)

I do. Let's check. This morning I have:
30 spams that are not directly addressed to me,
130 spams that are directly addressed to my Verio email address,
5 spams addressed directly to my personal address.

Hmmm so I think I know what the problem is.
Verio sold my email address to every spam-merchant in the world.

It doesn't take that much time

[mrneutron]

I also manage email for 10,000+ users. And I do a lot more than that; it simply does not take that much time if you handle things properly.

For corporate-wide spam blocking, sendmail has some great spam filtering features via DNS Black Lists (dnsbl). I use spamhaus.org and relays.osirusoft.com.

Add these lines to your sendmail.mc:

FEATURE(dnsbl, `sbl.spamhaus.org', `"550 Mail from " $&{client_addr} " rejected, see http://www.spamhaus.org/"')dnl

FEATURE(dnsbl, `relays.osirusoft.com', `"550 Mail from " $&{client_addr} " rejected, see http://relays.osirusoft.com"')dnl

There goes 90+% of the problem. After that, spamassassin handles the 10% that trickles through quite nicely.

If you don't use sendmail, all other modern mail relays can handle this problem in similar ways.

Re:It doesn't take that much time

[nurb432]

Unfortunetaly due to our setup i dont have as much control as is needed to really effectivly manage it, thus the amount of time i spend is MUCH higher then would normally be.

And it's not EVERY day i spend huge amounts.. but somedays it gets way out of hand. normally its much less.

Though personally i feel 1 minute is too much time.. it should not even be coming in the first place.

Re:It doesn't take that much time

[mrneutron]

Then it's time to deploy the right solution.

The time and money you invest in the sort term will be repaid many times over in the long term. Spammers will send less successful spam, which is a win for all of us. You & your users will be much happier, too.

Re:It doesn't take that much time

[Boss,+Pointy+Haired]

If the 10,000+ users you are talking about are individual paying customers of an ISP (you don't say in your post) then I trust you have consulted with management and customers before implementing this.

It is massively irresponsible of an ISP to decide what email their users get. SPEWS blocks a lot of non-SPAM email through their policy of targeting ISP's, not individual spammers, meaning your customers _could_ miss out on important email.

I'm not saying I have anything against SPEWS - they make it perfectly clear on their site that they hold an opinion and if you wish to share their opinion that's up to you; but I do have a problem with sysops that decide to go and implement this kind of blocking off their own backs without proper consultation.

Cheers,
PHB.

What about examples of legit mail?

[afinn]

If people are going to use this archive to automatically induce rules for recognising junk mail (e.g. using naive bayes or ripper), then they will also need at least as many examples of legitimate mail.
Of course it could be useful for evaluating classifiers built using smaller corpora.

Re:Isn't this a dup as well ?

[ejeet]

At this point, I think that in the last 2 days over 70% of the COMMENTS have been "oh this is a dup".

despammed.com

[neuph]

Go here. They provide free spam filtering and pop3 forwarding. They only put a small text advertisement at the bottom of each email..

Now does this make EVERY email you receive spam?

Regardless, it works. I have never received spam through their service.

Smarter Spammers

[akheron1]

Of course a blacklist like this will be better than an algorithm for the one reason that if everyone has access to this algorithm to filter their mail, then spammers could possibly just keep sending an e-mail to themself and having it be filtered by all of the different filter algorithms and changing it a bit each time until he/she has custom-tailored that spam to get through all of the filters

Not so fast...

[Raul654]

"I'm pretty sure that ceaseless, unrelenting, brutal torture of known spammers would be equally effective, but is unfortunately illegal."

...Remember - most of these spammers base their operations out of China. So what we could do is somehow convice them to go there (offer them something they cannot refuse - a week's worth of unlimited serverfarm and bandwidth usage or something like that). Once they are there, we can inform the government that several dozen Falun Gong supports are in country trying to insight rebellion. Then you will get your wish.

Foreign spam??

[Flamesplash]

What about all the Foreign spam out there that doesn't use standard ascii like the archive seems to contain?

Almost all of my spam is from taiwan or china and sadly enough yahoo mail doesn't provide any good way to filter this out when the messages have fake headers. If I could simply filter on something in the Received path then it would help, but all they allow you to do is the From address as far as where the message came from.

Re:Foreign spam??

[PigleT]

Filter on Charset headers instead?

I was going to post my .procmailrc entry here but slashdot censored it saying "too many junk characters". So you'll have to work it out for yourself based on Content-Type headers matching

charset="?(big5|ks_c_5601-1987|iso-2022-jp|euc-k r) "?
instead.

More to the point, you never want to filter based on Received: headers, unless you can safely say that e.g. *no-one* in Korea is ever going to want to contact you. Otherwise, grab the IP# listings from IANA and see what netblocks are assigned to APNIC and score them down in your mail processing rules.

For what it's worth, I've had a lot of success using Bayesian filters to identify dodgy-charset mails - both ifile and bogofilter do a great job.

Re:Yay Internet ?

[Cheese+Cracker]

It's not the net's fault. Blame (or shoot) the spammer's.

Well, some people ask for it by using their personal email account for signing up on sites, posting on usenet etc. Use an email account for these purposes, and the personal email account for friends and family. I don't receive any spam on my personal email account. :)

spam algorithm

1. wget spamarchive
2. grep emailaddresses spamarchive
3. mail emailaddresses
4. ???

You know the rest...

Re:Yay Internet ?

[LinuxHam]

Some of us have been on Usenet since long before that meant we were "asking for it". That damage can't be undone.

Re:just wondering (Verio=spam)

[Yottabyte84]

google your verio address.

osirusoft.com can be overzealous

[__aanonl8035]

Are you sure you investigated exactly
what osirusoft does?
I fint it unfortunate that so many
administrators seem to put in osirusoft
as a blacklist without examing what it
does. Osirusoft combines the blackhole
listing of many many other blackhole
listings, one of which is unfortunately,
SPEWS. SPEWS in my opinion is
overzealous with blacklisting and it
is unfortunate that osirusoft includes
them in its list. To read more about
the problem, read this posting
here

here is a relavent quote...

ii. a grep on osirusoft - which yields about 1/2 the messages -
but.. when there's a false positive, there's a really good chance that
it's in this group - and of this class of false positives, there's a close
to 100% liklihood that it's SPEWS that's given the false positive

You can alos check out antispews.

Re:osirusoft.com can be overzealous

[anthony_dipierro]

I have osirusoft set as a +2 in spamassassin, and I haven't gotten a single false positive due to it. I wouldn't suggest blocking based on osirusoft alone, but it makes a nice addition to the other spamassassin rules.

Re:osirusoft.com can be overzealous

[__aanonl8035]

>>I wouldn't suggest blocking based on osirusoft alone

osirusoft is combining many many rbl. The problem I have with it is osirusoft just seems to include every rbl they can get a hold of. SPEWS specifically seems to generate a lot of false positives. This seems to be because they will block entire netblocks, the administrators can not be contacted, the list is closed, and efforts to try an contact the administrators of the list are often futile as exemplified here It would seem to me that just using one or two "quality" rbl would be just as effective.

Here are some relevant quotes from people posting about their SPEWS blacklisting problems.

"Hi, we are a law firm that bought from UUnet and it seems the last owners
of this IP block were spammer. We're not, can you please remove us."
"Every heard of due diligence? Thats what you get for buying from UUNet,
you'll get unlisted when they clean up all their spammers."

"Hi, we bought from some people who turned out to have a problem with
hosting some spammers, but we're locked into a 3 year contract. We're a
small shop without the money for lawyers to get out of it. We're not
spammers, could you please unblock this one piece of IP which is just us."
"Sorry, you have to change providers. They breached your contract by
failing to provide full internet access (since people are filtering them
based on our listing)"

Re:osirusoft.com can be overzealous

[anthony_dipierro]

SPEWS specifically seems to generate a lot of false positives. This seems to be because they will block entire netblocks, the administrators can not be contacted, the list is closed, and efforts to try an contact the administrators of the list are often futile as exemplified here

Yeah, but that's what I want for spamassassin. Statistically, as long as more than 50% of the email coming from IPs in SPEWS is spam, it should have a + weight in spamassassin. If I wanted to get fancy I could put each of the separate blacklists into spamassassin individually, and weight them accordingly. Then maybe SPEWS would only get +1 instead of being mixed in with a bunch of others and getting +2. But the way I have things set now already gives me no false positives and a high kill %. Maybe it's time for some DNS based whitelists. Then I can give them negative weights in spamassassin.

Re:osirusoft.com can be overzealous

[Halo1]

SPEWS in my opinion is
overzealous with blacklisting and it
is unfortunate that osirusoft includes
them in its list.

SPEWS not in the first place a list to block spammers, but to block spamfriendly ISP's. Given that goal, they're not overzealous at all. It's true this regularly results in collateral damage, but since this is the only way "regular" people can do something against spam-supporting ISP's, the users of SPEWS accept these consequences.

Re:osirusoft.com can be overzealous

[__aanonl8035]

>>the users of SPEWS accept these consequences.

It is difficult to acertain what the majority of users of SPEWS know, but from searching through google it seems to my (albiet limited) knowledge that the users do no know the consequences.

Part of the problem seems to be administrators subscribe to osirusoft without the knowledge of how all the various blacklists aggregated under osirusoft work. osirusoft does not state boldly and in plain language how SPEWS works.

SPEWS has many class C's blocked when sometimes the spammer was only operating in a subnet of the class C. It does not even appear that their rational of blocking an ISP for hosting a spammer is quite valid, because they do not block all of the IP ranges of the ISP, they just block on a class C, by class C basis. I suspect the reason for this is because it is easy to block a class C, but not a subnet (because of the way decimal notation of IP ranges works)

It just does not seem like these mail administrators using osirusoft know that SPEWS is blocking class C's with the goal being that if enough innocent people are affected, then those innocent people will complain and get the spammer banned. Their tool for accomplishing this is blocking class C's

Re:osirusoft.com can be overzealous

[Halo1]

If the spammer has a subnet of a class C, most of the time they do start with blocking only the spammer. If however the ISP doesn't take any action, after a while this block is indeed expanded to the /24 in which the subnet lies. It has nothing to do with the ease of notation, it's just an escalation of the block if the ISP doesn't care about its spamming customers. I don't think they include class C's or bigger blocks from an ISP if they don't contain a single spammer. Of course, if an ISP is stupid enough to start moving around its spammers from one block to another...

I think the reason that osirusoft.com doesn't state explicitely how SPEWS works, is that it contains so many different blocking lists that explaining how each individual one works would be a lot of work. They do link to all the blocking lists they use though, where you can get this information. Using the information without informing yourself first is asking for trouble imho.

Re:osirusoft.com can be overzealous

[__aanonl8035]

>>Using the information without informing yourself first is asking for trouble imho.

I do believe that is the heart of the matter. I do not believe that many administrators are going through the effort of checking each and every rbl that is listed in osirusoft.

I believe that if many of these administrators knew that SPEWS policy was to escalate cases to cover entire class C ranges (whether or not all the subnets are spammers or not such as this case) thereby doing what is termed collateral damage... many of those administrators would not be subscribed to osirusoft (due to SPEWS)

an idea

[giminy]

patent this idea: authoring of commercially-oriented unsolicited email specifically formatted to defeat X antispam measure (like spamassassin say).

Another idea might be to protect spam utilities using the DMCA -- if you use it, you're not allowed to figure out how it works, and you're not allowed to circumvent its spam protection.

Thought I doubt either would work, it'd be ironic to use stupid laws for protection for a change.

Blame the Victim

[fmaxwell]

Well, some people ask for it by using their personal email account for signing up on sites, posting on usenet etc.

Yeah, like those rape victims that were asking for it by wearing short skirts.

Nobody 'asked for it'. Don't you even resent the fact that spammers have made it impossible to post on Usenet with a legitimate e-mail address? Doesn't it piss you off that you have to be paranoid if some less-computer-savvy friend tells some web site to mail an article to you or sends you an online greeting card? Don't you get annoyed that every e-mail address that you post, no matter for what reason, get spammed?

Blame the criminals, not the victims.

Re:Blame the Victim

[Cheese+Cracker]

Nobody 'asked for it'.

It was a figure of speech.

Don't you even resent the fact that spammers have made it impossible to post on Usenet with a legitimate e-mail address?

Of course I'm annoyed by it, but just like crime and terrorism, you have to adapt and try to avoid it. You wouldn't park your brand new car in a crime-infested neighborhood, right? You park it where you think it might be safe to park it.

Doesn't it piss you off that you have to be paranoid if some less-computer-savvy friend tells some web site to mail an article to you or sends you an online greeting card?

Maybe you should inform them about the risks or they need to learn it the hard way by getting you pissed. ;) It's like real life, you weren't born with the knowledge that running around naked in the snow would make you sick, or that having unsafe sex might give you a deadly disease... You learned that either by trial-and-error or by getting informed. Same applies to the internet.

Don't you get annoyed that every e-mail address that you post, no matter for what reason, get spammed?

That's why you shouldn't post with your private address, but with an address that you don't care much about.

Blame the criminals, not the victims.

Spammers won't go away, so you better start adapting your life on the net to avoid them. Sometimes you have to blame yourself, because after all... you put yourself in that situation.

Re:Blame the Victim

[fmaxwell]

That's why you shouldn't post with your private address, but with an address that you don't care much about.

So I should post my resumé with an e-mail address that I won't check because it will be spammed? Do you have any idea how ridiculous that sounds?

Spammers won't go away, so you better start adapting your life on the net to avoid them.

Start? I run my own mail server and do blacklist lookups against about a dozen spammer and country blacklists. I have sophisticated rule-based processing to find spam that makes its way through. I have autoresponders on retired addresses. I create new addresses for each firm with which I do business online. On web pages I create, I use javascript to disguise the e-mail link. That I should have to do that is absurd. And most people don't have the ability to do that.

Sometimes you have to blame yourself, because after all... you put yourself in that situation.

Bullshit! Some scumball spammer just tried to send e-mail to service@, sale@, tech@, faq@, webmaster@, hr@, sales@, and root@ my domain -- despite the fact that none of those addresses was ever published -- and most were not valid.

You are back to the same old blame-the-victim approach. If someone posts a for-sale ad on Usenet or posts a resumé using their own e-mail address, the person should not blame themselves when some scumball spams them. They should blame the spammer.

You said "spammers won't go away." Yes, they will, once there is effective legislation against spam. Do you get advertisements offering kiddie porn or heroin for sale? Probably not. The reason you don't is because selling those things is illegal. Make spam illegal and the problem will largely go away.

Re:Blame the Victim

[fmaxwell]

When hunting lions it is unwise to dress as a gazelle because the chance you are going to get eaten is a lot greater. And the chance people will give you sympathy is a lot less.

I have sympathy for rape victims, regardless of how they dress. With that kind of caveman view of the world, it's no wonder you post anonymously.

Re:Blame the Victim

[fmaxwell]

Every programmer who implemented an SMTP server because it was the way things were done, without ever giving a moment's thought to the fact that the design had a barndoor-sized authentication hole in it and needed to be reworked was asking for it.

E-mail is about interoperability. It would do no good to have a proprietary mail server to which no other e-mail provider could communicate. Everyone in the world has thought about this but the e-mail protocols were created at a time when people on the net could be trusted. Now that they no longer can, we need legislation to enforce moral behavior -- just like we have laws in meatspace making it illegal to steal cars, mug people, or pick pockets.

No one was "asking for it" (in regards to spam) any more than a woman in a short skirt is asking to be raped.

There wouldn't even be a place for spam in the world if PKI-based whitelists (just digital signing, not even encryption) were an integral part of the design from the beginning.

So after I advertise my motorcycle for sale on Usenet, who will be replying? I need to know so that I can put them on my whitelist.

Re:Blame the Victim

[Cheese+Cracker]

Spammers won't go away, so you better start adapting your life on the net to avoid them. Sometimes you have to blame yourself, because after all... you put yourself in that situation.

Would you continue to hold this position if providers commonly added bandwidth caps?

Yes. As long as there are people who are willing to pay the spammers money to spam their message across the internet, spam will continue to exist. The professional spammers make millions of dollars each year on spamming... they can afford paying for the bandwidth. And laws won't make them stop either, because they'll just move their spamming business to some small country like Vanutu or Nauru, where the laws doesn't apply.

Yahoo

[Flamesplash]

hehe, I repeat. I use yahoo mail. Maybe that's my problem right there.

I did like it when I was using unix based mail and could procmail everything. *sigh*

When/if I get a newsystem maybe I'll leave my current one up as a permanent dedicated mail client.

They should ... [Re:spam algorithm]

[clarkie.mg]

They should encrypt all emails in their archive to ensure the archive is not used as a repository of addresses.

A message in the archive would have the following structure :

X-Apparently-To: SSS-PRIVATE@yahoo.com via 216.136.175.66; 08 Nov 2002 18:06:08 -0800 (PST)
Return-Path: <SSS-PRIVATE@genial.net>
Received: from 195.74.212.103 (EHLO wanadoo.be) (195.74.212.103) by mta509.mail.yahoo.com with SMTP; 08 Nov 2002 18:06:08 -0800 (PST)
Received: from serv08.segi.ulg.ac.be (serv08.segi.ulg.ac.be [139.165.32.77]) by wanadoo.be (8.12.2/8.12.2) with SMTP id gA91wwGL2171186 for <SSS-PRIVATE@wanadoo.be>; Sat, 9 Nov 2002 02:58:58 +0100 (MET)
Received: (qmail 5590 invoked by uid 504); 9 Nov 2002 02:59:18 +0100
Received: from SSS-PRIVATE@genial.net by serv08.segi.ulg.ac.be by uid 501 with qmail-scanner-1.10 (drwebspamassassin. Clear:0. Processed in 4.216042 secs); 09 Nov 2002 01:59:18 -0000
Received: from unknown (HELO syntime) ([139.165.199.145]) (envelope-sender <SSS-PRIVATE@genial.net>) by serv08.segi.ulg.ac.be (qmail-ldap-1.03) with SMTP for <SSS-PRIVATE@wanadoo.be>; 9 Nov 2002 02:59:14 +0100
Message-Id: <4.1.20021109025847.00956180@pop.swing.be>
X-Sender: SSS-PRIVATE@pop.swing.be
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Sat, 09 Nov 2002 02:59:16 +0100
To: SSS-PRIVATE@wanadoo.be
From: "egoossens" <SSS-PRIVATE@genial.net>
Subject: t
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01
Content-Length: 3

Where I have replaced every name before a @ with SSS-PRIVATE. What do you think ?

I wouldn't give my spam archive if my emails privacy was not protected.

Note this message is not a spam.

Re:I don't by any means

[odaiwai]

Which is what I said. Do you have problems reading?

dave

What should be done: Make spam sandwiches

[dagg]

I think someone should download the entire archive, print it all out onto "edible paper" (patent pending), and then stack it all into one giant spam sandwich. Add mustard as desired.

Just another use for spam (jaufs)

--
Your sex without spam

Who gets spam

[Lulu+of+the+Lotus-Ea]

I'm sure much leakage is because of underhanded ISPs, companies selling email, and the like.

But in my case--and many people's--the main problem is that I am a public personality. I do things where there is good reason to disclose my email address to strangers (in my case, because I am a writer). A lot of those strangers write me for very legitimate reasons, but obviously once an email is made public you cannot keep it to only the good guys.

It doesn't apply so much to me personally, but a similar situation is where email addresses are listed in directories--company, organizations, and so on. In those cases also, you need to publish your email to let legitimate correspondence contact you.

I've always been a little puzzled by the (somewhat naive) folks who think to answer the spam problem by hiding their email from everywhere it might leak. There are various tricks for doing this, false addresses, complex usernames, different accounts, etc. That only really works for people--typically college kids or younger--who never need to DO anything in the world. For the rest of us, hiding an email address would be like hiding our snailmail address from business contacts, because we might get junk mail from releasing it.

the reply-to opt-out option

[_outcat_]

This might be very slightly offtopic, given that we're talking about a spam archive here and not about the mechanics of spam itself, but I'm curious.

This story is about someone who tried a little experiment: she wanted to see if the "click here to unsubscribe" link in most spams REALLY worked. So she tried the link and got INUNDATED with MORE spam.

Anyone have experience with this? A friend of mine agrees--she says that hitting the "Unsubscribe" link just verifies that your address is in fact a real and active one.

I always thought that was bullshit, because spammers don't seem to care whether addresses work or not (see The Story of Nadine. Any comments?

--Theresa

Use this script to find out...

[EvilStein]

I found this script on the SpamAssassin mailing list. It's been pretty interesting to use.

I ran the script a few minutes ago on a machine that I host for a friend (web counter service, her websites/etc - she's been on the net for many years with her own domain/etc)

Total Messages...: 14950
Clean Messages...: 6413
Spam Messages....: 8537
Spam Percentage..: 57 percent

57% of the email out of nearly 15,000 emails in /var/log/mail are fucking SPAM!!!
That is *ridiculous*

This is with SpamAssassin, Razor, Pyzor, and several RBL lists in /etc/postfix/main.cf all running.

The spam still gets through. It sucks up bandwidth. It sucks up resources. It's really offensive sometimes. Spammers know there's no federal legislation in place to block them, so they go on their spammy ways.
Spammers are scum. They *do not care* that you don't want their spam.