Spam Conference in Boston

bpfinn writes "Are you working on your own anti-spam solution? Would you like to compare notes with other coders? You'll get your chance at the Spam Conference in Cambridge on January 17, 2003. Among the speakers are: Paul Graham (of "a plan for spam" fame), ESR, John Graham-Cumming (of "POPFile" fame), and Matt Sergeant from MessageLabs. According to the homepage, this conference will be very informal: "no fees, sponsorships, proceedings, luncheons, contests, etc. Just a series of quick, concentrated talks, and then we all go off and get Chinese food." Slashdotters who are peeved about spam can register here."

Our only hope

[unterderbrucke]

is a nationwide spam database

Re:Our only hope

[spongman]

these are easy to circumvent by just putting some random numbers (hapaxes) at the bottom of the spam.

better to use something like spambayes that learns from your actions and doesn't depend on external decisions, corruption and mistakes.

SpamAssassin

Can't everyone at least try SpamAssassin before saying spam is a problem?

Re:SpamAssassin

[niker]

The reason why I'm using it (spam assassin) is because spam is a big issue in my e-mail accounts. :( That's all

Re:SpamAssassin

No, Mozilla is where it's at! Spam killing in Mozilla Mail is gonna be even bigger than pop-up blocking!

Re:SpamAssassin

[danny256]

Does it work with web based hotmail or outlook express?

Re:SpamAssassin

I found another program to be more effective and it works also with outlook/outlook express. It is called Popfile, and it uses the baesyan approach to filter out spam. It's effectivness increases over the time, but it gets quite effective after the first day. I would say it becomes fully effective after a week. After the first week It correctly filtered all the spam I recieved (more or less 150 messages per week) with no false positive. And it is also free. ;))

Oh I didnt know

[brejc8]

What they should do is to advertise the event using popups.

Re:Oh I didnt know

[mark-t]

popups can be traced though... they use a p2p connection.

Re:Oh I didnt know

:)
Right, kid.

Ironically

The conference was promoted and advertised through an unsolicited mass mailing to over 100 million email addresses.

Heh

[Em+Emalb]

"Are you working on your own anti-spam solution? Would you like to compare notes with other coders?"

If you are, and would like the NATIONAL EXPOSURE only email can get you, call the number listed below. You will be giving MILLIONS the opportunity to receive your amazing breakthrough via email.

To unsubscribe (suckers!!) please click the link below.

Re:Heh

I clicked the link and it just forwarded me to your journal. How the hell am I supposed to unsubscribe from there? Magic?

Re:Heh

you should be getting a call from tech support soon. Are you at 555-1212?

Re:Heh

Yeah, that's me. Hopefully no one will call me with any irresistable business proposals while I'm waiting for you to call... I'm all hopped up on cold medicine and vodka and feeling very agreeable. I'm likely to give them my bank account number - no questions asked!

Sweet!

[intermodal]

A conference where they actually confer and (As implied by going to eat together) discuss what they're talking about rather than just visiting booths. It's about time some of that hacker-ethic efficiency made its way to the computer conference world.

Re:Sweet!

Without booths, where would the booth babes be located? Anyone know if Ceren likes Chineese food?

Re:Sweet!

And don't forget the freebies!

Re:Sweet!

[Zeinfeld]

A conference where they actually confer and (As implied by going to eat together) discuss what they're talking about rather than just visiting booths. It's about time some of that hacker-ethic efficiency made its way to the computer conference world.

Well that is pretty much how conferences start. They begin as a technical session with 5 experts talking and 50 people in the audience, then the next year there are more people and the program gets longer. The year after that there is an exhibition which the year after becomes an exhibition floor. After that the whole thing goes downhill and turns into a trade show.

That is exactly how the RSA Conference and Interop began.

I am somewhat disappointed by the means of choosing the papers, basically the first people to propose a talk. As a result the spam conference will only be discussing filtering approaches based on identifying the spam. The alternative approaches based on authenticating the genuine signal simply won't get a hearing.

The problem with filtering approaches is that they only work as long as the attacker does not have access to the filter. If the attacker does have access to the filter they can repeatedly test and modify their spam until it gets through. That is why the filtering built into Outlook fails, the attackers have access to the filter and can use countermeasures.

Filtering techniques are a hacker solution, they only solve the problem for the small community of hackers that use them. Once they are used generally they fail.

Re:Sweet!

[Jace+of+Fuse!]

The alternative approaches based on authenticating the genuine signal simply won't get a hearing.

Maybe you should attend and give your view on things?

Re:Sweet!

[intermodal]

"I am somewhat disappointed by the means of choosing the papers, basically the first people to propose a talk. As a result the spam conference will only be discussing filtering approaches based on identifying the spam. The alternative approaches based on authenticating the genuine signal simply won't get a hearing. "

That's where the "confer" portion comes in. If that's your concern, go and say it over Chinese, or see if you can't get ahold of someone who is going to bring it up for you.

security?

[2MuchC0ffeeMan]

umm...

since spammers and advertisers always stay one step ahead of technology, shouldn't users register to get in?

i know there's a few spam artists out there i'd like to keep out. any open source software or ideas they come up with and speak about may be directly spoken to the enemy.

granted, this is worst case scenerio, but oh well

Re:security?

Uh, yeah, it's OPEN SOURCE. The "enemy" can download it, use it, and modify anyway.

Re:security?

[SweetAndSourJesus]

Yeah, but then you've got the whole "security thru obscurity" thing working. It's no good to come up with a spam-fighting technology that doesn't work if spammers know about it. That's why we have tools like SpamAssassin, where it doesn't matter if they're aware your're using it.

Haven't heard about this for a while

[Henry+V+.009]

Whatever happened to that idea where any message sender (with a white list to op certain ones out) would have to make a nummerically intensive calculation before delivering the message? Easy for single messages, but hard for a million.

Re:Haven't heard about this for a while

[SweetAndSourJesus]

What's to stop someone from setting up an smtp server that doesn't give a flying fork about numerically intensive computations?

Assuming we had control over every smtp server in the world, how would this work?


Server: what's 2+2?
Client: hold on a sec....
Client: 4
Server: hold on a sec...
Server: (figures out 2+2)
Server: right, 4. carry on.


See, all you'd be doing is tying up both ends of the line.

Re:Haven't heard about this for a while

[Henry+V+.009]

Hardly. The question you ask is: Factor this large number. Or any question that is significantly easier to verify than to solve.

Re:Haven't heard about this for a while

Novel approach.

But what do you do if you're yahoo, hotmail, or AOL? You don't want to have to beef up your MX hosts to be able to process that many requests from single users.... let alone the spammers and bulk senders who will still stay in business.

Re:Haven't heard about this for a while

[SweetAndSourJesus]

As things stand now, it's simple to prevent a host from sending a flood of messages. This isn't really the issue at hand. As fabtrabulous as your solution may be, it's not going to do anything about all the fuckwits with open relays out there, who are one of the roots of the problem.

Your smtp may be tight as tight, but some damned fool out there doesn't know his server is getting pimped.

Re:Haven't heard about this for a while

[Henry+V+.009]

I'd imagine you would implement most of it client-side. The mail server would simply give you a list of messages, as well as challenge questions and the responses to challenge questions. The client software then decides whether to throw a piece of mail in the junk folder. That way there is no more demand on the mail server than before.

Moreover, mailing lists would simply ignore the challenge questions, and rely on user white-lists to let them through.

Re:Haven't heard about this for a while

[Henry+V+.009]

I gave the solution in another post on this thread. Almost all of this is implemented client-side. A spammer would need a super-computer to get the mail out even if he had an open-relay to use.

Re:Haven't heard about this for a while

[brain159]

no, because *your* server at the first point you have control over it (your isp running a suitable filter for you, your box if you self-MX your mail, your company's mail servers at work) check for a valid "work effort" header which works by some cunning crypto which I'm going to handwave over at this point.

Spam sent through Hoo Thee Fusk's open mail server at some korean primary school won't have had a crypto challenge "stamp" calculated, so (once the process has had good enough uptake among all the properly maintained relay servers) your server can just say "no stamp? *fail*".

Re:Haven't heard about this for a while

It's called open relay for a reason. A misconfigured relay (one which accepts mail from strangers to strangers) is likely to be misconfigured with regard to these calculations too. Spammer sends mail to open relay: cheap. Open relay does all the hard work: costly, but not for the spammer. Spammer cares: not at all. Unless you want to remove all relaying from the email system, in which case you end up with something similar to an instant message system, hash cash or whatever you want to call it, is not a solution. I wish people would stop bringing it up, hoping to gain a few karma points, whenever someone mentions spam. The time spent to repeatedly argue over this concept could be better spent on concepts which have not been discussed as often and actually have a chance of being useful.

Re:Haven't heard about this for a while

You'd have to verify that the server which vouches for the work effort is trustworthy. Either no relaying with this system (because you only trust your own server and therefore can't accept relayed mail) or back to square one.

Re:Haven't heard about this for a while

[Henry+V+.009]

Oh no, I really don't want to waste your precious time arguing when you're so busy thinking about all sorts of ways to stop spam that will be so much more valuable than this piss-poor excuse for an anti-spam implementation.

Now, here is where you fail to understand the system.

Say that Bob wants to send a message to Alice. In fact, Bob even uses an open relay. Alice has a list of computationally intensive questions that she has uploaded to her mail server. When Bob wants to send a message to Alice, his mail server (the open relay) queries Alice's mail server, and gives Bob one of Alice's questions. Bob can then choose to include an answer to the question with his message or not.
Once Bob's message reaches Alice, her client software looks at the answer to the question. If the answer is not there, or is incorrect, the message is sent to junk mail.

Now imagine that Trent is an evil spammer. He sends out a million messages around the world every day through an open relay. Unfortunately, he doesn't have the computing power to answer a million different questions. He still sends out a bunch of spam from the open relay. And it all gets to the various Alices of the world. But none of the messages have correct answers on them, so they all get filed in Junk Mail.

Re:Haven't heard about this for a while

What you're proposing implies that you want to abolish relaying: If you need to contact the end of the relay chain to get a challenge, you can just as well skip the rest of the chain for the sending part too. I dare you to implement it. Going from idea to implementation sometimes helps discovering the inherent flaws of an idea. Start with asking yourself why relaying is used today.

Re:Haven't heard about this for a while

[Henry+V+.009]

A solution that would allow relaying would be to store Alice's (and everybody else's) questions on some sort of centralized server. You wouldn't need to change the mail server software at all then.

Can you think of any more holes in the idea? It would help if you took enough time on your objections to avoid the ones with obvious answers.

Re:Haven't heard about this for a while

Please do it. You will save everybody else a lot of time by figuring out yourself why hash cash does not work. An interactive chat may be useful for relatively new ideas, but this one has been discussed so many times that in order to justify any further discussion and disprove the arguments of the objectors, someone has to provide a proof of concept implementation at the very least. Next and last hint: How is a "centralized server" going to avoid all situations which demand relaying? (offline servers, network disruptions, direct external connections prohibited by network policy, ...)

Re:Haven't heard about this for a while

[littleRedFriend]

I'm sure someone came up with this idea already. But these spammers have lists of E-mail adresses, mostly coming from automatic E-mail harvesters.

If everyone put a couple of pages with a few hundred thousand fake E-mail adresses (automatically generated) wouldn't that make these lists less valuable.

It would increase the amount of spam at first, but given enough fake adresses, it would come down in the end. It's a number game, to put someone who "owns" 1 million real E-mail adresses out of business, you would need to post some 100 million fake ones for him to harvest. That is no more than 2.5 Gb of HTML and some coordinated effort.

mmmm...

Re:Haven't heard about this for a while

[Henry+V+.009]

The central server is only for the challenge questions. Mail still gets relayed.

Re:Haven't heard about this for a while

[Jucius+Maximus]

"If everyone put a couple of pages with a few hundred thousand fake E-mail adresses (automatically generated) wouldn't that make these lists less valuable."

The serious spam harvesters would just dump all the results from your domain.

Re:Haven't heard about this for a while

[minas-beede]

"no, because *your* server at the first point you have control over it."

What if the open relay operator is a BOFH? HE has control over the spam while its on his system. He gets control of the spam by inducing the spammer to regard him as an open relay. He does THAT by delivering the relay tests the spammer sends to him. He may be able to induce the spammer to send the relay tests by nominating HIMSELF to a DNSBL. If the BOFH relay operator stops the spam you'll never even see it.

Naturally the BOFH doesn't want to screw up his mail server so he does all these things on a non-mail-server IP.

Look this over again. Simple, isn't it? Once the spammers are sending you spam you can be the ultimate BOFH and get applause for doing it. Even if you act silently you can applaud yourself.

Great for the big boys, the guys who work for ISPs, companies, universities, etc. How about the poor fellow who just has a home system with a cable or DSL connection? Does he have to miss out on the fun?

No, he doesnpt have to sit this one out. There's a program just for him, if he has a JVM (Java Virtual Machine) on his system (or can get one): Jackpot.

http://jackpot.uk.net/

Depending on where you are (and it may be the home user in South America has a huge advantage in this) you may be able to stop a massive quantity of spam.

Let's see - tomorrow is New Year's Resolutions time. How about "I resolve to help kill off relay spam in 2003 - I'll run a relay spam honeypot"?

If enough make this resolution and follow through then it will truly be a Happy New Year.

Re:Haven't heard about this for a while

[minas-beede]

"The serious spam harvesters would just dump all the results from your domain."

Well of course there is already Webpoison which does create spurious addresses just for harvestors. And I think I recall seeing a huge block of trapped spam on Michael Tokarev's Moscow honeypot with what looked to me like this kind of fake, generated email address. I can't remember if this was or wasn't Ralsky spam. Ralsky is, I think, a serious spam harvester.

There are also web pages on the net salted with the dropbox addresses some spammers use for their test messages. I know because I trap test messages and do Google searches on the names in the addreses. For instance, "china9988@21cn.com".

Google for china9988 - see what you find. (It's not earth-shattering but you do find people all over the world who have correctly identified spammer test message dropboxes just from the logs.) Now if you whitelisted email to the above address you'd probably soon be rejecting tons of spam, wouldn't you? Hmmm - that would be annoying on your server, what else could you do?

here you go

[SweetAndSourJesus]

vipul's razor.

happy now?

At least they own up to it...

From the registration form:

(Don't use an address with over-aggressive spam filtering set up on it, because if the confirmation bounces, you won't be registered.)

It's like they know they're losing the game.

Repost?

Isn't this a report from a while ago? I distinctly remember cracking a hilarious joke about the conference invitations being sent as unsolicited email. It got moderated as -1: Flamebait after a while.

Please tell me this is a repost and I am not making this up, otherwise I am in for psychiatric treatment. (with wild look in his eyes) Ma, I see unpublished Slashdot stories!

Re:Repost?

[dacarr]

Sort of - there was an article earlier about it. Of course, now that ESR has confirmed, they had to rehash teh article. =^_^=

Focus

[The+Bungi]

I do hope they focus on the bandwidth problem. We've all seen the recent stories here about the slimeball spammer who's return rate is something to the tune of 0.000001% for 100 million messages. Or some such statistic. And yet he's swimming in $$.

The better spam filters get, the more horsepower these fuckers are going to put into plying their trade. That 100 million herbal viagra batch didn't work? Oh, OK, let's send out 1 billion messages then.

Their capacity to add processing power to their operations will grow exponentially as the efficiency of spam blocks increases. But there's only so much bandwidth to go around. Ergo, suffer the ISP (mine and yours, not theirs). Something's gotta give.

I shudder to even contemplate it, but unless their revenue stream is cut off, this is going to continue. And that means educating users to NOT FUCKING BUY ANYTHING SOLD THROUGH SPAM. Until then, well...

Re:Focus

[viscous]

I happen to agree that the bandwidth eaten by spam is the ultimate problem, and that filtering doesn't really address that. But out of fairness I thought I would mention the counter-argument made by the proponents of filtering:

If you get enough of the large ISPs and electronic mail services to filter all their customer's mail - enough to eliminate (say) 95% of the spam currently getting delivered - then the spammers will only be making 5% of the sales they are currently making. Which may be enough to drive them out of business.

I don't believe it will work, but that's the party line I expect you'll be hearing at the conference.

Re:Focus

[MacAndrew]

I shudder to even contemplate it, but unless their revenue stream is cut off, this is going to continue. And that means educating users to NOT FUCKING BUY ANYTHING SOLD THROUGH SPAM. Until then, well...

Yes, but ... the crowd that's buying herbal Viagra is a tough one to reason with by definition. Then there are the "get rich quick" suckers -- just try explaining basic math to them.

There's an old saying that some people will buy anything. Spamming is about locating them. The rest of us get caught in the overspray.

Re:Focus

[Dalcius]

Some folks forget that the spammer has to have an internet connection some place. I'm not familiar with their arrangements, but all of their bandwidth tax goes through one or a few places that are directly hooked up to their networks -- unless they go distributed, which will be a bit harder than a one-office shop, their host might just say "enough is enough".

Just a thought.

Re:Focus

You don't get it do you. Spammers are con-men. They con their customers into thinking that "targeted email" is going to sell their product and "highlight their product". Of course it never does. Or even if it does: the spammer always wins.

It's the desperate shops and smalltime con ops who need to stop buying spam services.

Re:Focus

[sfe_software]

I happen to agree that the bandwidth eaten by spam is the ultimate problem...

For me personally, bandwidth isn't an issue. I'm on DSL, my servers are locked up tight and not contributing to the problem... for me, the problem is that 95% of the time my "New Mail" alert goes off, it's all SPAM. I don't care about the bandwidth issues; doesn't affect my home connection much, and doesn't affect my server's connection at all. It's my time.

My solution? Well, I haven't found a perfect solution, but (given that bandwidth isn't my main concert) Mozilla's bayessian (sp?) filtering is working well so far. Hopefully the next major Moz release will handle this better.

Currently (1.3a) it marks SPAM as "Junk" mail automatically. After only a few days it easily recognized SPAM. After a week there have been NO false positives. After 2 weeks it seems to be dead-on accurate.

Hopefully the next Moz release will let me do more with it (such as NOT playing my "New Mail" sound, marking them read, moving them to a Junk folder, etc). So far 1.3a is showing serious promise, at least in the filtering part. It uses Bayessian filtering (based on the Plan for Spam article linked above -- a good read if you haven't seen it), and is quite good so far. I would personally be happy if, using the Mozilla current implementation, I could never see mail Mozilla sees as "Junk" mail.

My point was simply that for me, bandwidth isn't the problem -- and I run several (not open-relay) mail servers -- rather, the problem is the time I spend manually filtering SPAM from real mail (running several domains). Bayessian filtering is perfect, as it's based on the individual user. It's what got me to try Mozilla mail again in the first place (first time since M12), and already, just having it mark them as "Junk", it's saved me a ton of time.

Re:Focus

[IntlHarvester]

You don't get it. The product being sold by spam isn't Herbal Viagra or College Diplomas -- it's the spam itself.

It's a pyramid scheme. It's not about selling the product. It's about convincing people to pay you to sell their product through spam, to buy your address lists, or buy your spam software.

It's not about the people stupid enough to buy, it's about the people stupid enough to think "With all this spam, someone out there must be buying."

A large percentage of spam doesn't even have a valid contact address/url/phone. It's purely about claiming to prospective clients that you can deliver X messages or have Y valid addresses.

So, go ahead and convince grandma not to buy any spam prodcuts. Great. Meanwhile these guys are on a sales arms-race that will eventually render standard netmail useless.

best spam method

[binary+tr011]

I use various methods for filtering spam but by far the most effective one is to just randomly delete files ;)

off topic

Ps: also replying to the emails promising to eliminate spam aren't a good idea :P

slight ot

can anyone recommend free spam filters that work with windows 2000? either upcoming or already here is fine.. i hear mozilla is coming with something

Re:slight ot

[The+Bungi]

Yep

Re:slight ot

[SnakeStu]

What do you mean? How do you define "Windows 2000" -- do you mean "my [unspecified] email software that runs on Windows 2000" or "my TCP/IP support in Windows 2000" or "my Windows 2000 kernel" or "the ISP I connect to from my Windows 2000 box" or...? Accuracy in questioning leads to accuracy in answers; the same can be said of ambiguity.

Re:slight ot

[The+Bungi]

Let me guess - you hang out in #linux helping newbies, yes?

Who the heck needs a mail client-specific tool? MailWasher is an example of a tool that sits between your POP server and your mail client. That's all you need. I'm sure you know that "TCP/IP" and the "kernel" you're running are so far away from POP or LDAP it's not even funny. So why drop techie terms around unecessarily?

Re:slight ot

[SnakeStu]

MailWasher is an example of a tool that sits between your POP server and your mail client... I'm sure you know that "TCP/IP"... [is] so far away from POP or LDAP it's not even funny.

That's an "interesting" way of looking at it; I guess MailWasher doesn't use the TCP/IP connection, then. Is it magic?

I was pointing out the ambiguity of the original question. You merely answered the question as you interpreted it, which isn't necessarily correct, even if the information you provided is accurate. While I won't argue with the potential merit of MailWasher, your "logic" leaves something to be desired.

Re:slight ot

[The+Bungi]

That's an "interesting" way of looking at it; I guess MailWasher doesn't use the TCP/IP connection, then. Is it magic?

<chuckle> You know exactly what I was talking about, and that's why quoted my post selectively. How about your comment on the "kernel" bit, hmmm?

I was pointing out the ambiguity of the original question.

No, you were being an asshole. A technically-oriented asshole, but an asshole nonetheless.

You merely answered the question as you interpreted it, which isn't necessarily correct, even if the information you provided is accurate.

Wow, that sentence gave me a headache.

your "logic" leaves something to be desired

So does your "help"

Re:slight ot

[NanoGator]

"What do you mean? How do you define "Windows 2000" -- do you mean "my [unspecified] email software that runs on Windows 2000"..."

He means a stand-alone anti-spam program that runs in Win2k. I have no idea why you think he'd mean the other stuff seeing as how he mentioned Mozilla heh.

Spam Conference...

[VistaBoy]

Because we're having a conference on spam to begin with already means that the spammers have won. Besides, what keeps spammers from attending the conference and figuring out how all the spam guarding stuff works?

Re:Spam Conference...

Because we're having a conference on spam to begin with already means that the spammers have won.
For the love of god, spammers aren't terrorists (not real terrorists anyways). Their goal is to make money, not to change our lifestyle...

what keeps spammers from attending the conference and figuring out how all the spam guarding stuff works?
Their own stupidity?
Besides, isn't a lot of this stuff open source?

Re:Spam Conference...

[intermodal]

that would be a bad thing how? the more time they spend trying to figure out ways around, the less time they have to actually send spam.

Re:Spam Conference...

[Wonko+the+Sane]

Idealy, the methods for filtering spam work even if the spammers know how they work. This is addressed in the "Plan for Spam" link in the article.

Re:Spam Conference...

[glwtta]

Besides, what keeps spammers from attending the conference and figuring out how all the spam guarding stuff works?

We'll all talk really quietly.

Re:Spam Conference...

For the love of god, spammers aren't terrorists

They aren't?

Re:Spam Conference...

[mlknowle]

> Because we're having a conference on spam to begin >with already means that the spammers have won. >Besides, what keeps spammers from attending the >conference and figuring out how all the spam >guarding stuff works?

What do you suggest? That we ignore a very real problem because we don't like it? Spam isn't going to go away if we pretend it doesn't exist! This conference isn't about secret techniques that spammers can't know about - it is about designing better protocals and gateways which are more immune to spam - stuff they'd learn about anyway. It's about *colaboration*, not giving out secret spam info

Re:Spam Conference...

[babbage]

Let them attend, I say. Let them heckle from the back of the room, saying "aw hell that won't work, if you do $this then I can just do $that." Hey presto, the researchers get a better awareness of the failure points, and the solutions ultimately developed are that much more robust.

Think about it -- this is exactly the same argument that favors open source software over proprietary equivalents. "With enough eyes all bugs/security holes are shallow." Without exposure to real life spam & spammers, how is anyone ever going to know if new techniques work? If the conference is attended by both pro- and anti- spam advocates, we'll all get to the meat of the issues that much faster -- you might as well be confronted with the problems while a bunch of experts are in the same room to hash out a solution...

Re:Spam Conference...

[bugbear]

A good spam solution will have to work even if the spammers know how it works. I believe that Bayesian filtering, which is what a lot of the speakers at the conference will be talking about, is such a solution. Spammers can't outweight the incriminating words they need to use in their sales pitches with innocent words, because the very innocent words (names of friends, terms used in one's work, etc.) are unique to each user.

Re:Spam Conference...

[Jucius+Maximus]

"Besides, what keeps spammers from attending the conference and figuring out how all the spam guarding stuff works?"

A lot of anti spam tools are already open source for easy dissection. Besides, a good anti spam routine should be the same as strong encryption: A knowledge of exactly how it works should only prove that there is no optimised, 'most efficient' attack.

Until anti spam techniques reach this level (bayesian filters like in the new mozilla, perhaps?) then we will be on the defence.

Re:Spam Conference...

[Eric+Damron]

I don't agree that it means that spammers have won. It only means that they are enough of a pain in the ass to warrent holding a conference.

Let them attend. The only real solution is one that even if they are fully aware they still can't do anything about it.

Prevent SPAM instead of trying to deal with it....

[8BitWimp]

Its ironic that this conference (and other discussion groups) are focusing on dealing with, filtering, and otherwise trapping SPAM. It appears that the only solution to eliminating SPAM is to develop a completely new architecture for handling email which would simply not provide mechanisms for the broadcast of SPAM, and the hijacking of mail servers. Spammers are just as ingenious as the folks valiantly trying to filter it. Until we consider a new approach, we will just be battling an ever growing volume of SPAM mail.

An Anti-Spam Solution?

[Lucas+Membrane]

There is no such thing as anti-spam, thank goodness. If there were, and if the spammers sent it spam, the spam would be gone, but copious gamma rays and neutrinos would result, and the bystanders would all die from the radiation.

Re:An Anti-Spam Solution?

[geekoid]

if the event took place on the spammers box, I really wouldn't have much of a problem with that... ;)

Re:An Anti-Spam Solution?

Didn't you mean "spamma rays" and "spaminos"?

The only spam conference needed...

[MillionthMonkey]

This problem is not difficult to solve. All you need is a "conference" of enraged global villagers marching up the road to Alan Ralsky's house equipped with dynamite, pitchforks, Bayesian filters, and burning torches! We could bring some diplomas from prestigious nonaccredited universities to get the fire going. And afterwards everyone gets Chinese food.

OK, maybe it wouldn't solve the problem, but it would make great reality TV. Wouldn't you rather watch a spammer get lynched than sit through yet another gold digger beauty pageant on FOX?

Re:The only spam conference needed...

[bryanthompson]

And now for the obligatory blazing saddles reference:
Reporters, Taggart and the Governor: Harrumph! Harrumph! Harrumph! Harrumph! Harrumph!
Governor: I didn't get a 'harrumph' out of that guy!
Lamarr: Give the governor a 'harrumph!'
Reporter: Harrumph!
Governor: You watch your ass.
.wav here

Re:The only spam conference needed...

"Wouldn't you rather watch a spammer get lynched than sit through yet another gold digger beauty pageant on FOX?"

• 
  I was actually looking forward to that new FOX pageant...

where have i seen this before

[Dylan_t_p]

could it be here?? here?

oh well since it's about spam only makes sense to post it more than once.

Re:where have i seen this before

The new post alerts people to the need to register, which was not in effect at the time of the original post.

Cell phone spam

My Verizon wireless keeps on getting spam sent to it. Is there anyway to control the spam without turning off the email feature entirely?

Register for the conference.... via email?

[NineNine]

Doesn't this seem just a bit fishy to anybody else?

Re:Register for the conference.... via email?

[Rik+van+Riel]

Maybe it is a spam conference after all and not the anti-spam conference people seem to assume ;)

Re:Register for the conference.... via email?

[NineNine]

Or maybe there's no conference at all, and all of the spammers will finally get the email addresses of the anti-spam people that they've wanted for years. Sounds like a perfect evil plan to me.

Re:Register for the conference.... via email?

[The+Bungi]

Sounds like a perfect evil plan to me

Where's MiniMe when you need him.

Wouldn't it be ironic...

if the attendees started receiving spam after signing up for the spam conference?

"Make money with anti-spam!(c)"
"Work from home creating spam filters!"

etc.

My spam solution

[archnerd]

I use SpamAssassin, combined with some scripts available here. Since I implemented this system last month, I have gotten exactly one piece of spam, and it got through because the body contained nothing except a URL.

Re:My spam solution

[WPIDalamar]

One word... Spamassasin

I've been using it for 2 months ... today, the first spam since I started using it got through.

Re:My spam solution

How does it work? How can a program, script, etc. tell the good from the bad? bad words vs good words?

Re:My spam solution

[Wonko+the+Sane]

spamassassin uses a bunch of common spam charastics and assigns each a score. If the score is high enough, it flags it as spam. Here's an example:

Content analysis details: (18.60 hits, 5 required)
X_LIST_UNSUBSCRIBE (1.2 points) Message has X-List-Unsubscribe header
MIME_BOUND_DASH_DIGIT (1.0 points) Spam tool pattern in MIME boundary
FROM_ENDS_IN_NUMS (0.9 points) From: ends in numbers

There is a new method now that called Bayesian filtering that used statistical analysis of bodies of spam and non-spam messages to detirmine the probability of a message being spam based on what words appear in it. This is one of the most promising methods, since it learns over time.

Re:My spam solution

I found another program ro be more effective and it works also with outlook/outlook express, it is called Popfile, and it uses the baesyan approach to filter out spam. It's effectivness increases over the time, but it gets quite effective after the first day. I would say it becomes fully effective after a week. Afer the first week It correctly filtered all the spam I recieved (more or less 150 messages per week) with no false positive.

How to End Spam in Four Easy Steps

[mark_space2001]

1. Declare Spammers are terrorists.

2. Fly a C130 "Ghost" Gunship over their house.

3. Open Fire.

4. Enjoy "Miller" brand beer in a Spam Free world.

Re:How to End Spam in Four Easy Steps

[floydigus]

'Enjoy "Miller" brand beer'

1. Not sure 'beer' should be associated with Miller.
2. Not sure enjoyment of Miller is possible when used as a beverage.
3. Though maybe possible for washing hair.

Re:How to End Spam in Four Easy Steps

I wouldn't put it on my hair..
Perhaps for cleaning the driveway?

Re:How to End Spam in Four Easy Steps

[bryanthompson]

i'm sorry, but someone's gotta do it...

4. ???
5. Profit
-=-
in soviet russia *bang**bang* enough *bang**bang* with *bang**bang* the *bang**bang* russians *bang*

Re:How to End Spam in Four Easy Steps

[NeoSkandranon]

IIRC its called the Spectre gunship. Nice idea though.

Re:How to End Spam in Four Easy Steps

[jafiwam]

More info on the AC-130 series:

http://www.af.mil/news/factsheets/AC_130H_U_Gunshi p.html

Thre are two nicknames; "Spectre" and "Spooky". If you can get a chance to see video of these things on TV, I'd recommend it, they can dish out amazing damage in a short period of time. (For those "Mail Call" junkies...)

In related news...

... Slashdot editors plan a conference on combatting spam postings on /. for those involved in developing their own dupe filtering solutions

Re:Prevent SPAM instead of trying to deal with it.

[The+Turd+Report]

While I am sure that a new mail system would solve the spam problem, your new problem is getting even half of the mail servers out there to switch. Doing this back in '86 would have been easy, but now, it would be a bitch.

What's so difficult?

[evilviper]

What is so difficult about blocking spam and e-mail worms? Just have a shared word that must be in the subject line (or else it gets filered out) and give that word to anyone you want to allow to contact you. Here on slashdot you could tell people about it in your sig, and never get a single piece of spam again, and what makes it better than whitelisting, even your friends, if infected with an e-mail worm, will not pass it to you, as the worm has no way of knowing the shared word.

And people are spending millions to block spam and worms why?

Re:What's so difficult?

[glwtta]

hehe, good one.

Re:What's so difficult?

This solution doesn't prevent the mail server from rejecting the email. That solution is the best because it reduces the amount of traffic that already ties up the internet.

Your solution would be appropriate if it could be enabled on the server side, but instead of filtering, it rejects the senders mail outright.

A tiny addendum to the SMTP RFC would allow that option, but NOOOOOOOO one wants to do it for some reason....gee wonder why????? Advertisers maybe?

Yes, everything is a conspiracy!

Re:What's so difficult?

[JoeBuck]

If you propose to include your magic word in slashdot programs, the spammers will soon write scripts to find such magic words and spam you anyway.

Don't underestimate the intelligence of the enemy. For example, does not currently parse base64-encoded MIME attachments, so suddenly spammers are all base64-encoding their spam.

Re:What's so difficult?

How hard is it to add a field to the address database? Until a scheme like this is in widespread use, it is a PITA for anyone sending mail to someone who uses it, and when it becomes a common technique, it stops working because spammers adapt. "Send this offer/ecard to a friend. E-Mail:______ Magic word:______"

Re:What's so difficult?

[smoon]

Sure, and then the spammers will figure a way to 'sniff' smtp traffic for nefarious purposes -- how about 'inserting' spam in legitimate e-mail automatically. How you like them spam filters now?

And sure, this _might_ require hacking into some high-security NOC. On the other hand, it might just be a simple dns poisoning attack and a rogue smtp server that forwards mail after altering it.

Ultimately no victory against spam can be had until we have one of:
1: Fundamental change to how SMTP/e-mail works, and get everyone to switch (unlikely).
2: Grassroots movement to boycott the businesses that profit from spam, to the point of putting them out of business. (unlikely until _everyone_ is 'online' and disgusted with spam)
3: New legislation that causes massive fines for businesses that profit from spam. (unlikely in the U.S. given the political corruption we suffer from).
4: Vigilante gangs rampaging through businesses that profit from spam, lynching spammers (or at least giving them a good thrashing), and massive correctly targeted cracking attacks against their computer systems.

Re:What's so difficult?

[evilviper]

You don't really need it.

As soon as a significant number of people are filtering their e-mail, spam will stop outright. And THAT really would reduce traffic.

Re:What's so difficult?

[evilviper]

How would they know what the word is? They can't very well include the entire text of you slasdot post in an e-mail...

It would be far easier for spamers to work around slashdot's e-mail obfustication than for them to pull one word out of a sig.

There really is no way speammers can get around this one... Which is in stark contrast to EVERY OTHER SPAM FILTERING OPTION.

Re:What's so difficult?

[evilviper]

It's not a PITA for anyone. Just a word in the subject line. How difficult is that? Hell, you've already got to rember that Fred is "superd00d384@obsecure.net", why is a small word so much more difficult?

It CAN'T be stopped, PERIOD, and I don't know why people keep saying that... You must not be thinking about it. There is no way for them to harvest the shared word. With an e-mail address, it has a standard form "user@host.domain" that is easy to pick out. A shared word looks like any other word in a message. There is no one way everyone will tell it to each other, so there's no reliable way to get around it.

In addition, most spam you get, is a result of spamers guessing usernames at popular domains (hotmail.com). So anything that requires just a bit more than a username to send mail will stop most spam.

Whitelists won't work, as the spammers can just spoof the source address to something most people will subscribe to (eg. daily dilbert), or possibly the users' own address. Filters don't work, as a spammer can generate a completely different piece of mail for each user if they needed to.

Nothing else works. This is bullet-proof.

Re:What's so difficult?

[evilviper]

You make it seem like it is trivial for spamers to take over secured servers and routers. It's not.

These types of attacks you mention have far more serious implications than the ability to read your e-mail. If someone could accomplish them, they would already be doing so.

1. There's nothing wrong with SMTP (when it comes to spam)
2. So competitors can spend out loads of spam under the guise of their own competitor, and get record business.
3. There are enough laws. And they don't help when anyone can route their traffic through anonymous proxies, and send it from out of the country.
4. Sounds like fun, but not too likely.

Re:What's so difficult?

About your sigline:

If all the trees are cut down where will your vines grow?

Re:What's so difficult?

[evilviper]

You lost me.

Darn

[anotherone]

I was hoping that this would be a conference for spammers rather than anti-spam coders...

Then we could destroy them all in one place.

Finally a cause the entire internet community could rally around.

Cloudmark SpamNet DOES work...

[cca93014]

Been running this for a few months now on MS Outlook (I know, I know) and it does work.

www.cloudmark.com

It uses a moderation system not dissimilar to Slashdot (but maybe without the weird 2+2=5 maths) and in my experience DOES work. YMMV. I've yet to have it filter a legitimate message, and it picks up about 70% of spam into my Inbox...

Re:Cloudmark SpamNet DOES work...

[pacman+on+prozac]

Ironic you posting in a thread about anti spam with a handy piece of anti-spam software yet your sig is advertising SMS spam and your website has "email marketing" as one of your main services. I dunno about anyone else but I'm too scared to try cloudmark now. Would they be a client of yours by any chance? :P

Re:Cloudmark SpamNet DOES work...

[ceejayoz]

Cloudmark's a reputable company - they were featured on Slashdot a while back.

Their plugin actually uses an open source project, Razor - it's quite good, except for legitimate mass mailings (for some reason, it always filters Amazon.com stuff - I'm an affiliate, I need that! - and my Daily Dilbert... most likely someone signed up, forgot they did, and keeps blocking it... grr)

Re:Cloudmark SpamNet DOES work...

[ostiguy]

That has been my experience with cloudmark too - legitimate messages I have signed up for get moved. That is part of the problem with letting end user types filter spam - spam is not necessarily all the messages you just don't want to read. People often don't read what they agree to, and thus don't realize that a lot of commercial email they volunteered for.

Still, I think there is a much brighter future in this model than the RBL model.

ostiguy

Re:Cloudmark SpamNet DOES work...

[spongman]

i'll bet he pays cloudmark to keep his SPAM from being killed.

I don't trust any serivce that requires lists like this - they're open to corruption and mistakes.

Use something like spambayes an open-source bayesian spam filter that allows you to define what is and isn't spam.

Re:Cloudmark SpamNet DOES work...

[sfe_software]

That is part of the problem with letting end user types filter spam...

This is why I like Bayesian filtering, as it's completely user-dependant. Meaning each user defines what he/she defines as "Junk".

I use Yahoo mail, and it's "Bulk Mail" filtering uses BrightMail. It blocks all mailings from RedHat -- ones I signed up for -- and yet lets mail from "notifications@mailsweeps.com" through.

Mozilla mail, OTOH (version 1.3a) with Bayesian filtering has been flawless. The first few days I tried it, it had a few false positives. After a week, no false positives but a couple missed SPAMs. Now (a month later) it seems to be about 100% accurate. Because it learns what *I* consider to be SPAM, and only I.

It's so simple it's pathetic. See the "Plan for Spam" link, it's a good read if you haven't read it. Now, hopefully the next Moz release will actually mark the Spam as "read", and move it to a "Junk" folder (now it only marks it as Junk -- it still plays the new mail notification, etc). I would trust it to move my SPAM to a Junk folder, where perhaps once a day I would verifiy that no false positives were found. After a while, I'd probably just trust it's judgement.

Key being that it's based on *you* -- it finds word patterns in what you consider to be SPAM, and bases it on noone else's judgement; it's completely personalized, and IMO the only solution (as far as client-side filtering goes anyway). For me, it's the solution I've been looking for. Now I just hope the Moz team completes the feature nicely (which I trust they will).

Re:Prevent SPAM instead of trying to deal with it.

[SnakeStu]

I've been promoting this notion for a couple years at least, while at the same time offering a spam filtering tutorial for Pegasus users. I've seen others also promoting the same general concept, sometimes with more details. However...

"One's feelings waste themselves in words; they ought all to be distilled into action[s]... which bring results."
Florence Nightingale

To see this happen, somebody needs to do it rather than talking about it. A technical demonstration, at the very least. And if I'm missing something and there's something like this in the works, it needs publicity, development support, testing, etc. to take it "out of the lab" and moving toward common use.

an important session

[bcrowell]

I'm particularly looking forward to the session titled "Punishments: Corporal or Capital?"

Repeat repeat repeat article

[Rik+van+Riel]

If this conference is anti-spam, why are they using slashdot to spam for this conference ?

This thing must have been featured 3 or 4 times on slashdot now...

Re:Repeat repeat repeat article

[mrmag00]

What isn't?

personals.nerve.com

You really need a girlfriend.

Re:Prevent SPAM instead of trying to deal with it.

[8BitWimp]

I would suggest a second and parallel email channel be introduced. Leave the current sendmail system in place. Those desiring better email and no spam will migrate to the new channel. Those who don't care can remain on the SPAM channel.

Great for Spammers...

[toupsie]

What could be better for a professional Spammer than attending an Anti-Spam Conference? Learn all the techniques and issues you will have to encounter in the upcoming months. I would be on the look out for people wearing too many gold chains reaking of hottub clorine wanting to make your penis larger in less than 7 days while offering you a Micro RC Car.

Re:Great for Spammers...

[mosschops]

What could be better for a professional Spammer than attending an Anti-Spam Conference? Learn all the techniques and issues you will have to encounter in the upcoming months.

I guess a decent solution needs to work like cryptography: you give sample code and explain the algorithms involved, but it still can't be exploited. The current methods seem too much like security through obscurity, which results in a never-ending battle of each side playing catch-up.

It still seems like there needs to be a level of trust involved with peering networks, which slow down untrusted SMTP clients, reducing the problems caused by open relays. If all major ISPs only accepted mail from trusted peers at full speed, there wouldn't even need to be a change to the SMTP protocol.

DUUUUUUPE!!

http://slashdot.org/article.pl?sid=02/12/17/005624 9

Enhance your personal size bigger than Descartes!!

[Gorimek]

"I'm pink, therefore I'm Spam"

Re:Prevent SPAM instead of trying to deal with it.

[blamanj]

It appears that the only solution to eliminating SPAM is to develop a completely new architecture for handling email...

Not true. The simplest solution is economic. If raise the cost of sending e-mail by as little as one penny / thousand e-mails, most spam becomes uneconomical. Poof, the spammers go out of business.

Re:Prevent SPAM instead of trying to deal with it.

[The+Turd+Report]

That is the only way it would/could work. The start would be a pain. But, once a sizable portion of the internet (getting some big ISPs to go along would help) used it, it would grow. This idea has been talked about for a long time, but no one will be the first to start using the new protocol.

Re:Darn Indeed!

[SwedishChef]

Where are my moderator points when I need them!!! Thanks for this. :)

Re:Prevent SPAM instead of trying to deal with it.

I've heard this before, but I'm not convinced. Right now I use an old version of spamassassin which until recently filtered about 95% of all the spam I recieved with 2 false positives over the last 6 months. I just upgraded to the new cvs version with bayesian filtering and now expect even better results.

Maybe we should give filtering software another chance before we do something as drastic as uproot the entire email system.

They should probably call it..

[Anonvmous+Coward]

... an anti-spam conference. Nobody would want to exchange business cards at pro-spam conference.

IN SOVIET RUSSIA

conferences anti-spam you!

Re:Prevent SPAM instead of trying to deal with it.

Sending a few kB does not cost a penny. End of story. Any system which adds arbitrary cost on top of the real cost is doomed user-acceptance-wise, even without taking into account the problem that there is no micropayment system which wouldn't add several times the cost of the stamp.

Poster child

[GeckoFood]

Now if they could just get Bernard Shifman to show up...

I use popfile

[TerryAtWork]

I actually publicize my email address to get more spam now, just to watch PF smack it!

Re:I use popfile

[Jucius+Maximus]

"I actually publicize my email address to get more spam now, just to watch PF smack it!"

Actually I thought of a better thing to do:

Whenever I get a spam where they have some sort on 'confirmation tag' in it using a URL with my e-mail address, I extract it, change my address to uce@ftc.gov (which is the FTC's spam collection address) and THEN load it in my browser.

Basically I am getting the automated system to send spam to the authorities.

Round 2?

[big_groo]

Ding!

Get out those AOL CDs and bags of dog poo!

hehe...

Happy New Year Ralsky.

Re:Prevent SPAM instead of trying to deal with it.

[Christopher+Thomas]

It appears that the only solution to eliminating SPAM is to develop a completely new architecture for handling email which would simply not provide mechanisms for the broadcast of SPAM, and the hijacking of mail servers.

How about just properly configuring the existing mailservers?

The hijacking problem is mainly with mail servers misconfigured as open relays.

No switchover needed.

As was pointed out in the last round of spam-article comments, you can't eliminate the header-forging problem, as at some point you have to trust the server that's supplying you with mail. So a new scheme would not help with this.

In summary, I don't see how switching to a new scheme would help.

I would watch out

[CaptainSuperBoy]

I would watch out for spammers crashing the party and trying to cause serious problems. If you read some of the rants from these people on nanae, you can see how they would be capable of causing trouble for the anti-spammers gathered at the convention. There are a ton of spammers and it only takes a few of them to file false police reports, harass attendeees, etc. They've shown again and again that they are immature. Just look at how Ralsky harassed that guy who took pictures of his house. Many prominent anti-spammers have received death threats, this shows the level of hatred that some spammers have.

Re:I would watch out

[SN74S181]

rominent anti-spammers have received death threats, this shows the level of hatred that some spammers have.

Oh, puhlease.

Pot. Kettle. Black.

Re:I would watch out

[CaptainSuperBoy]

I've never heard of anti-spammers sending death threats. Care to back that up?

Things that make you go "Hmmm."

[Chris+Mattern]

> Slashdotters who are peeved about spam can register here.

For which they want your email address--and add that it shouldn't be too heavily shielded against spam. Hmmm....

Chris Mattern

Re:Prevent SPAM instead of trying to deal with it.

[CaptainSuperBoy]

Again and again it's been proposed, and every time it is calmly explained to the proponent why it's totally unworkable. What's your idea, micropayments, public key authentication, etc.? People are always glad to hear someone's solution to all spam, but understand it's probably been posted and debunked already.

Semi-off-topic: best Bayesian filter for Outlook?

[Jeremi]

I'm using AGMSBayesianSpam under BeOS to filter out spams from my email and it does a really nice job -- but my poor benighted Windows/Outlook using friends want to use a nice Bayesian Spam filter too, and I don't know what to recommend to them.

Can anyone recommend a Bayesian Spam filter that (a) works with Outlook and Outlook Express, (b) is dead simple to install and use, and (c) works really well? I'd love to be able to point them at a URL.

Pretty useless for spammers.

[Christopher+Thomas]

What could be better for a professional Spammer than attending an Anti-Spam Conference? Learn all the techniques and issues you will have to encounter in the upcoming months.

How would this help them? People have known how the RBL, for instance, works for years, and yet it's still quite effective.

Likewise, filtering based on content still works despite being around for a while because spam mails ... have to contain spam.

In summary, I don't see what they'd learn that would be of use to them.

Re:Semi-off-topic: best Bayesian filter for Outloo

[sien]

Popfile works reasonably for Outlook and Outlook Express.

Trusted mail servers and TLS

[Nonesuch]

We've been talking with the Open Group on a couple of different approaches to implement the concept of "trusted servers" for SMTP.

One approach would be to use TLS with certificates signed by trusted anti-spam certification agents, and give TLS mail priority over plain-old cleartext SMTP.

Basically, nearly all current anti-spam techniques (one exception being whitelisting) work on the concept of "marking down" certain messages or sending hosts as being less trusted. Our goal is to use TLS and other approaches to apply the concept of "elevating trust", of elevating the trust level of certain hosts and messages.

Re:Trusted mail servers and TLS

[persaud]

Will you attend the Cambridge conference? Am also working on a trust-based solution. See also:

• Lawyer calls for spam collateral damage stories
• Editorial on microbusiness impact
• Certificate-based whitelisting for SMTP servers

NOT offtopic at all

[EvilStein]

Someone 4 posts down was modded +4 Insightful for saying the same damn thing. Geez, wake up..

Anyway, this is correct. Spammers already troll anti-spam lists looking for information on new anti-spam techniques just so they can slip around them.

Re:NOT offtopic at all

Oh, I see, -1 Redundant then?

Re:Semi-off-topic: best Bayesian filter...[Troll]

[fred666]

Ditch the crappy mail client and get a real one :-)

Re:Semi-off-topic: best Bayesian filter for Outloo

[ceejayoz]

Not quite what you're looking for, but the upcoming 1.3 release of Mozilla runs on Windows, imports contacts & messages from Outlook / Outlook Express, and will have Bayesian spam filtering.

I transfered over to the alpha recently, loving it so far.

ESR's Fame

Hey, how come everyone else on the panel is 'from such-and-such' or 'of blah-di-blah fame', while Eric of Raymond is just plain old ESR?

Surely that should read:

ESR, of copkiller fame?

My plan for spam

[gad_zuki!]

>And that means educating users to NOT FUCKING BUY ANYTHING SOLD THROUGH SPAM

Why the carrot and not the stick? Imagine spam honeypots luring the people who answer spam into giving up their credit cards and posting them publicly. Or listing names of people who visit honeypot sites like animalsexxxxxxx.com through a spam click. Make sure to report them to their employer if this is done during 9-5.

Then we'll see the obligatory news articles about hackers co-opting spam. Something tells me that all the spam marketers and companies that use spam won't be much of a problem when Joe Blow is worried about hackers and losing his job over spam.

Re:My plan for spam

[SN74S181]

You know, that's the perfect solution.

Right now the average person considers the people who go all-caps and start sputtering when the topic of spam comes up to be harmless nuts.

Start attacking that average person directly and your little problem will go away. You'll be relabeled as non-harmless and dealt with properly.

Or wasn't the intent to resolve your problem with spam.

Virulent, raving spam-hating is kind of the ugly side of the geek personae. It's not a pretty thing to see.

I almost feel like I have to put a disclaimer at the end of this comment saying I am not pro spam just to keep a few kamikaze nuts from going after me for entering this comment. Which really is dismaying.

slightly OT-postini spam relay

[Maskirovka]

I receive about four spams per day, but as opposed to deleting them, I look at their headers, run a trace tool, and notify the service providers and upstream ISPs. This usually limits the amount of spam I get from a specific asshole for a while. There's one that keep bugging me however: exprodmx15.postini.com (the 15 changes to diff numbers periodically).

According to the website, postini is a spam filtering company. Doesn't it seem a little bit strange that they'd host a spam relay? Exodus (postini's primary provider) doesn't seem to care too much, since postini is a well to do business. Postini sends an automated response that says "this message is only passing through postini's mailserver. it's not our problem". My first thought would be that postini is running open mail relays as a form of gaurilla advertising to spam busters, but it seems a little bit far fetched. I don't keep a list of addresses or domains, but postini is the only one that i've noticed for about a month that keeps reacuring.Is this sort of thing normal?

How I got rid of spam:

[NFW]

I started playing with procmail and grep and the whitelist idea, and after a day or three I cooked up this monstrosity.

If you email me, and you're not in my whitelist, you get a message from my "secretary" asking you to confirm your email address. If you're a spammer, you never see that message. If you're a human being, you either reply to the confirmation request (if the message was important) or you ignore it (if the message wasn't important, in which case I'm happy not to hear from you).

The only problem is those damn Nigerian bank scammers. They actually read their replies. i've heard from two of them in the six or seven months I've been running this whitelist contraption.

But anyhow, spam is no longer the annoyance it once was. I still look forward to strong laws against spam, because I know my bandwidth is being wasted (and other peoples' too), but at least I don't have to see it.

I used to look down on the whitelist approach, because in a sense it is admitting defeat - they're still out there burning up bandwidth, and this doesn't help catch them. But, I'm so glad to be free of spam... Every time I check my email and find no spam, it feels like victory. For me, the great annoyance of time wasted dealing with spam far outweighs the minor inconvenience of increased bandwidth consumption.

Y'all can play games with spam and spammers if you want to, but for me, for now, it's yesterday's problem.

Re:How I got rid of spam:

Realize well that any approach that relies on whitelisting based on the sender address is fundamentally broken. The sender address can be trivially spoofed with current SMTP protocols. This means spammers, like klez, can pretend to be your mama, and you will be none the wiser until you read their spam.

Re:How I got rid of spam:

[NFW]

I don't claim that it's a permanent solution (hence the note about "for now"), but "fundamentally broken" radically overstates the magnitude of the trivial potential problem that you bring up.

First, the human problem: When one bit of spam gets through the whitelist, the spam victim removes the 'from' address from the whitelist, and the spammer needs to find or create a new whitelisted address for each of the million+ target addresses. It wouldn't be enough to sell CDs with millions of addresses, they would need to be address pairs (one target address, one or more whitelisted 'from' address). While destination email addresses are long-lived, the whitelisted addresses would be shortlived and all but useless.

Then there's the technical problem: most spam is sent with a single 'from' address and multiple 'rcpt to' addresses. This is how relay abuse gets done - the message data gets transmitted once (or relatively few times) with MANY recipient addresses, so as to reduce the spammer's need for bandwidth. (It fucks over the relay owner, but who do spammers care?) Sending large amounts of spam with from addresses customized on a per-recipient basis would require spammers to acquire and maintain huge amounts of bandwidth - an amount roughly equal to the amount that they currently steal. Possible, but unlikely.

Call it "fundamentally broken" if you wish, but the bottom line is the signal:noise ratio in my inbox... it's approaching NaN. That makes me happy.

Yes, spammers can pretend to be whoever they want, but that takes work, and spammers and fundamentally lazy, so I'm not worried.

If whitelisting catches on in a very big way, spammers might start working on ways to get around it, and if they have any significant success I will to what it takes to stay one step ahead of them in the inbox arms race. But if whitelisting doesn't, spammers won't, and I'll continue to ignore the spam problem while I enjoy my spam-free inbox.

Yeah

and Happy fucking Assumption.

someone help me with a spammer

[Loco3KGT]

I have gotten over 200 spams from this one guy/company in the last 24 hours. all efforts of contacting him have failed.

ryan theil of roadwearyfilms.com :
the spam:
--------
Greetings Riders, we' re trying to let people know about our company and how we are becoming involved in the community. Here's an e-mail we've been sending out. Thanks

STURGIS 2002- VOICES OF THE CULTURE
Hi, my name is Ryan Thiel and I'm a director and editor for Road Weary Films Inc. My brother Scott and I have been directing independent films in Chicago, Ill. Most of our family is from South Dakota so it only seemed natural that we would make a Sturgis Doc. What a party this last year was. The film is jam packed w/ lots of chrome, hillclimbs, dragraces, coleslaw wrestling, scenes from the major bars, beautiful women and late night rides, as well as segments on the Buffalo Chip, Glencoe, Huelett, the rides in the hills, etc...We also take a look into the culture through numerous interviews and the introduction of new characters (people we meet and followed, obtaining the true essence of the biker) that will be seen in following films. We will be releasing the film on DVD, VH

Ryan Thiel
roadwearyfilms.com
------

Re:Prevent SPAM instead of trying to deal with it.

If you get it into Sendmail and Qmail, I think, you've got your protocol at quite a chunk of the ISPs. From there the commercial server-software will follow (it's another checkbox, that they can check). Deploing it dosen't seem to difficult.

Re:Prevent SPAM instead of trying to deal with it.

[8BitWimp]

An email message (or packet) should be authenticated at its source as coming from a valid, certifyable and traceable source. The authentication would be checked at each relay to make sure it isn't a bogus email. If authentication fails, the relay would discard the email. The destination then verifies that the email is from a certified source. The idea needs some work, but there is no reason with encryption technology coupled with the authentication information that computer generated SPAM can be differentiated from real certified email.

Re:Prevent SPAM instead of trying to deal with it.

[8BitWimp]

My original point was that we are currently dealing with the wrong end of the "pipeline." Instead of dealing with the mess flowing out of the pipe, we should be looking at ways to keep SPAM from entering in the first place.....

Re:Semi-off-topic: best Bayesian filter for Outloo

[Gaza]

Try Spambayes, even though it is early in development I didn't have any problems getting it to work. After some initial training it catches about 99% of my spam without one false positive.

http://spambayes.sourceforge.net/applications.ht ml

Just Not Enough

[NeoMoose]

Why compare notes when a joint effort would work even better? Come together for a little conference and go your own ways?

Let's start taking advantage of the resources offered by sites like http://www.spamarchive.org and other such services that allow for effective filters to be created.

My own solution

[tuxlove]

I don't need no steenking spam conference. Here is the spam killer to end all spam killers. I don't get spam any more.

pretty funny disclaimer

on the page to register for this conference...

"A confirmation message will be sent to the address you enter.

(Don't use an address with over-aggressive spam filtering set up on it, because if the confirmation bounces, you won't be registered.)"

Re:Semi-off-topic: best Bayesian filter for Outloo

[spongman]

yup, spambayes get's my vote too. the integration with outlook is excellent and once you've got it set up you don't even notice it (apart from the fact you're not getting all that spam anymore).

Central opt-out database

[dtdns]

see tagline..

victorsertzel9909@earthlink.net

victorsertzel9909@earthlink.net is a spammer.

BlueBottle

I've just noticed BlueBottle and their Spam prevention system. It looks promising to me. Has anyone tried it yet? Any problems?

(If BlueBottle.com works, then I'll just have to figure out how to get Internet Explorer to quit prompting me to install that damn Macromedia Flash plugin and I will enjoy the Internet again!)

My solution to the spam problem...

[nitehawk214]

Get the spammers to attend the conference. My guess is that none of them will make it out alive.

Re:Prevent SPAM instead of trying to deal with it.

[LL]

> only solution to eliminating SPAM is to develop a completely new architecture

Take a look at DJB's im2000 concept

http://cr.yp.to/im2000.html

LL

Re:Semi-off-topic: best Bayesian filter for Outloo

[rboatright]

popfile. Absolutely. The current release is good. The up-coming release currently working its way through the cvs is going to be _amazing_ Rick

Re:Prevent SPAM instead of trying to deal with it.

[Christopher+Thomas]

An email message (or packet) should be authenticated at its source as coming from a valid, certifyable and traceable source.

The problem with this is twofold: First, you're going to have a very difficult time getting people to agree on trustworthy sources, and second, you get the same problem as we have with DNS - the people who hold the keys have far too much power.

And unless all servers on the planet agree on a set of athentication servers, you'll still be able to inject spam into the system from remote relays (c.f. the china problem right now).

I'm not convinced this approach is practical. It's great in principle; I just don't think any likely implementation would work very well.

Spam, New England style

[Alien+Being]

City by the sea
Cradle of revolution
All spam overboard

What? No One from Hormel?

[thumbtack]

If there is going to be a Spam conference there has got to be a representative from Hormel, the makers of Spam. They even have a Spam Museum, Spam Recipes and much more on their Website. You can even order online, if you don't want anyone to know you are a closet Spam Freak, or read Spam Trivia.

Regardless of what you think of Spam, someones eating those 6 BILLION cans they have produced since 1937.

Spamprobe.

[Pig+Hogger]

http://spamprobe.sourceforge.net/

I've installed 3 weeks ago, and only 1 spam went through, and I've got only 1 false positive, out of over 700 messages received in that time.

Re:Prevent SPAM instead of trying to deal with it.

[Pig+Hogger]

Contragulations. Your peg-O-suck mail tutorial must be one of the most moronic web pages I've ever seen in my life.

Squeezing the whole thing into a tiny non-resizable frame, so you have to scroll horizontally to view the screenshots, is pretty stupid, if you ask me.

Witchhunt

[awyeah]

I say we all get out torches and pitchforks and go on a good old-fashioned witchhunt.

Really?

[thx2001r]

Ok, so this is a "Spam Conference"! Does this mean we can all head down there and see all our best friends that send the emails to us? I've got a two by four with a certain spammer's name on it :) J/K

FW: Goldfish

[tq_at_sju]

this letter i give to you so that you may review it further.

What I don't get is since when did they think this was the best way to get people to run a virus ??????

Bad idea

[Animats]

They distribute a set of MD5 hashes of E-mail addresses, as an opt-out list. Bad idea. Now, a spammer can get that list, run their lists against it, find all the people who opted out, and use that as a mailing list for stuff like phone line blockers, alarms, and similar products that would appeal to the anti-spam demographic.

Re:Bad idea

[dtdns]

In order for that to work for the spammer, they would have to have your address to begin with, and the resulting list of "anti-spam demographic" addresses would probably be too small for them to bother creating a campaign for.

The only other way a voluntary centralized opt-out database could work would be for the spammer to submit their lists to the system to be scrubbed for them. Not a service I would want to provide free of charge, and I doubt the spammers would be willing to pay for it. Distributing MD5 hashes seems like a reasonable compromise to me.

Re:Bad idea

[Animats]

In order for that to work for the spammer, they would have to have your address to begin with.

Not necessarily. They could take a big list of people's names, suffix them with "@aol.com", "@msn.com", "@yahoo,com", etc. and test them against the database. Trying variations on names is also cheap. It's just like a dictionary attack on encrypted passwords, only easier.

But nobody will do this, because the database is dinky and nobody cares about it. The DMA has an opt-out database for spam by DMA members, and that actually gets used.

Re:Bad idea

[dtdns]

...because the database is dinky and nobody cares about it.

I'm sure someone said that about slashdot when it first got started. As for the DMA's list, you have to be a DMA member to get it. COODB is targeting the smaller "hit and run" operations run by people with a shred of decency left in them.

As with anything else, if you don't like it, don't use it. Personally, I would like to see it get big and stop some unwanted e-mails from ever being sent (I'm involved with the project in case you couldn't tell). No, it's not perfect, but it's a start.

BellSouth has spam protection.

[index72]

Its pretty good too with only a few getting through once and a while.

Re:BellSouth has spam protection.

[8BitWimp]

QWEST in Arizona, Colorado, and SW sells their email customer addresses to SPAMMERS. Just got 10 junk emails this AM alone....

Re:BellSouth has spam protection.

[index72]

Its a CRIME I'm tellin' ya, a CRIME!

Re:Prevent SPAM instead of trying to deal with it.

Realistically, most mail accounts are Hotmail/MSN, Yahoo, Earthlink, various broadband providers, and large companies with pro mail admins. That doesn't leave many people on standard SMTP.

The 'secure' mail channel is the only realistic solution, and I can't wait for it to happen.

Re:Prevent SPAM instead of trying to deal with it.

VeriSign and the other "trusted roots" already have all the power over WWW e-commerce. Giving them control over mail certificates doesn't make the situation significantly worse.*

Of course, you'd need various private lists of "untrusted" certificates. But that's a fuck of a lot easier than tracking every open relay in the world.

* note that 99.9999% of people don't consider DNS a 'problem'. But even so, any MCSE can create their own cert root, which is more than you can say about heirarical DNS.

Re:Prevent SPAM instead of trying to deal with it.

Since Microsoft controls the largest number of e-mail accounts in the world, Bill Gates heartly approves.

how about users?

Are you working on your own anti-spam solution? Would you like to compare notes with other coders?

How about "are you a user with a well thought out opinion on what you'd like to have for tools to use?"

I see the bulk of effort these days on tools to detect spam, which is semi-useless to me(esp since it rarely works perfectly)..ie Computer:"This is spam!"...User: "No shit, sherlock."

I can tell within a second whether something is spam. And it pisses me off. I want to be able to DO something about it, and filtering it off into neverneverland is exactly what spammers want- they want everyone, save a small percentage, to delete or filter it off.

What I really want is a tool that -I- can run, not spamcop(which is almost universally ignored by ISPs, particularly chinese ones) and assists me in reporting the spam(as well as submitting the ISP to the open-relay testers and such.) I want spammers and ISPs to get it through their thick skulls that spamming is NOT ACCEPTABLE.

Spamcop is easy to block. 10,000 pissed off users aren't. I'm sick of ISPs ignoring abuse/spam reports...IMHO, everything's fair game if they do- sales contact addresses, tech support email addresses...hell, google under the company's domain name and harvest addresses of the employees, etc.

It is time we inconvenienced spammers and the ISPs that support them as much as they inconvenience the computing public. Given the # of people spammers reach in just one mailing, the math works out to one hell of a lot of 'inconveniencing' they're due...

Rmail in emacs howto sort w/ spamassassin headers

[donsaklad]

a.
For rmail in emacs, once you've got http://spamassassin.org on the system, like the system at the university here at this end, how do you sort the hundreds of spam commercial messages now with spamassassin headers?...

b. What functions for rmail in emacs are there?...

c. what other features of spamassassin are there?...
that neophytes might try to get to their preferred correspondents messages more easily?...

A bit of brainstorming

[ktorn]

Spam really started to annoy me for about 1 year now. Been online since 1995 (no longer newbie, but no veteran either) and having settled with the same email address since 1999 resulted in ever increasing unwanted messages, but it got ridiculous in the past few months. Now I'm even getting bounced emails from spam sent in my name, outrageous.
So for the past few days I started thinking of ways to avoid this problem. Filters seem effective, but I feel it's fighting too near your front door. New email protocols that stop SPAM at the sender's side (discussed in previous comments) seem like the way to go, but probably not to be seen in the near future.
So below I will flush my incomplete thoughts, and contribute to open-brainstorming ;)
BTW, this is related to MY problem, having my own domain name and with the ability to have whateverIwant@mydomain.com, so it's not THE solution for global SPAM:

1) if I change my email address, SPAMers will not have it for some time (as little as it may be), so I'll be SPAM-free for that period

2) when I change my email address, I have to notify all those who I know have it (probably almost all in my own contact list, and a few more)

3) doing 1) and 2) every week/month is tedious for myself and my contacts, so automation is required

5) if 3) then my email address doesn't have to be 'human readable', ie. can be a computer generated hash of some sort: someRandomHash@mydomain.com

6) if 3) then problem will be that my contacts need to use the same system, otherwise it will be tedious for them to change manually every update

7) creating different email address to each contact would help identifying where address 'leaks' are happening

8) if 7) then updates are only necessary to the address(es) 'found' by SPAMers

9) all above doesn't cover public email addresses (say, in the contact me section of one's web site). These can be protected by using the anti-bot 'picture' method used by email registration sites (where you need to write the passphrase encoded in the picture). Passphrase to be written in the subject line, otherwise email auto-ignored.

10) these things could be implemented as plug-ins to existing email readers, but that's still fighting it in your PC (you already wasted the bandwidth), what we want is these added as a service in your mail server.

Probably this ranks low in the heap of ideas thrown at SPAM, but then perhaps the answer to SPAM is not ONE magical trick, but the combining of them all. In the end, if SPAM doesn't reach the end-user it will eventually die out... (fingers crossed anyway)

Re:Semi-off-topic: best Bayesian filter for Outloo

[zonker]

yes indeedly rick it will be. =)

Facts are accurate, but not precise...

[zonker]

Nice that /. is supporting this conference, but jeeze, you'd think they would keep a better eye out for dupes. I posted this *same article* on the 16th... Have the readers of /. such a short attention span? I suppose it is all of the flashing lights in all that anime you kids watch that is slowly deteriorating your memory... =)

P.S. It would also have been nice if the poster would have researched his/her links a little better. For instance, the current page for POPFile is at http://popfile.sourceforge.net/

You forgot something

The obligatory

6. ???
7. Profit

Sorry, I had to...

Re:You forgot something

The obligatory

8. ???
9. Profit

Sorry, I had to...

Re:You forgot something

The obligatory

10. ???
11. Profit

Sorry, I had to...

Re:You forgot something

The obligatory

12. ???
13. Profit

Sorry, I had to...

Re:You forgot something

The obligatory

14. ???
15. Profit

Sorry, I had to...

Re:You forgot something

The obligatory

16. ???
17. Profit

Sorry, I had to...

Re:You forgot something

To the moderator that moderated this as "troll," I have meta-moderated you unfair. This decreases the chance that you will be allowed to moderate in the future. This was obviously an attempt at humor. Even if you don't find it funny, the SOP in cases such as "..profit!" and the soviet russia remarks is to mark said post Redundant.

Please take time to know how slashdot works before you moderate in the future. The moderator guidelines probably won't kill you.

Anonymous MetaMod

Re:You forgot something

i doubt you'll ever read this, but just in case i will post this reply.

i am the moderator who marked this post as "troll", please look at the thread in context here, the poster had not posted a single redundant post, but was attempting to flood the discussion with useless posts.

you may wish to read this entry in the faq, i think it applies to this situation.

Anonymous Mod, and MetaMod


How should I M2 if the moderator called it "Insightful" and I think it should be "Informative"?

This comes under the general category of "don't sweat the small stuff." "Interesting" and "Insightful" will have the same effect on the comment, and the difference between the two is basically just a judgment call. Rate the moderation "Fair," and move on.

Answered by: Loon
Last Modified: 6/12/00


and just fyi, ive hit the karma cap, and have been a MetaMod for some time, i havnt been penalised any karma for your metamoderation and i think YOU should read the MetaModeration guidelines.

My own, personal anti-spam - SpamButcher

[rich42]

One of my accounts has a pretty serious spam problem - was getting about 50 spam / day. In response, I cooked up my own anti-spam software - SpamButcher. It's similar to other anti-spam products - except that it actually works. Using "fuzzy logic" it kills about 97% of my spam. Currently only supports Windows users using POP3 accounts. It is "commercial" software - but there's a 30-day trial you can download (it's $29.95 if you want to purchase). I don't want anyones money unless they're already 100% satisfied with the product. There seem to be a lot of people who think using client-side anti-spam products is the "easy way out" and doesn't actually help solve the problem. I disagree - if everyone used an effective anti-spam product (mine, or others) - spam would become unprofitable, and subside. I'm posting this because I believe it's relevant to the article - if you think this post is spam - send the hate mail to rich@spambutcher.com I also run an anti-spam "blacklist" of major corporations that support spam at www.spamcrusader.org Rich Olson rich@spambutcher.com Chief Butcher SpamButcher - www.spambutcher.com

Re:My own, personal anti-spam - SpamButcher

oh yeah spambutcher.. the one I see in spam ads to get rid of spam. You're also the same guy who has all those lame ad links on fuckedcompany.com. Lots of credibility there.

Re:My own, personal anti-spam - SpamButcher

[rich42]

So to be "credible" I guess I shouldn't advertise? I guess I shouldn't charge anything and be open-source also... I purchase various online advertising - none of it e-mail based. I'm guessing the "spam ads" you're referring to are google or overture text ads. It drives me nuts when people start referring to any sort of advertising they don't like as spam. There's a huge difference between making website users put up with a little advertising in exchange for the service they're getting and bulk e-mailing 3 million people then claiming they asked to receieve it. Pop-unders try to obscure who's actually delivering the ad - so they're kind of in a similar category (I'd never purchase pop-up or pop-under ads) -Rich www.spambutcher.com

Re:Prevent SPAM instead of trying to deal with it.

[ipxodi]

What are you talking about? It looks fine and there's no horizontal scrolling needed for me in either IE or Mozilla...
You trying to view it on a PDA or something?

Good job, Stuart.

Eats

[Ender_Stonebender]

I highly recommend Jumbo Seafood (in Chinatown but nearer the South Station subway stop than the Chinatown stop) if you're going out for Chinese food in Boston. The Fire+Ice restaurants are also excellent - one is at 50 Church St near the Harvard Square T stop, the other is at 205 Berkeley St in the Back Bay area. See their website at fire-ice.com.

It's probably a "Joe Job"

[Elias+Israel]

Some spammers have realized that the outrage that follows their mailings is a resource that they can use against their enemies.

They do this by forging the headers in such a way that it appears that a "white hat" has actually been responsible for the spam in some way.

Then when the zealous, but unsuspecting user examines the headers, they end up directing their perfectly understandable opprobrium towards the spammer's enemies (anti-spam groups and companies, usually) instead of the spammer themselves.

It's called a "Joe Job" and it's the new price of admission for anti-spam activists.

Re:Prevent SPAM instead of trying to deal with it.

[SN74S181]

Poof the Linux Kernal Developers List Server goes out of business.

Line up here to buy your New Windows YP.

Elementary Physics

[hacksoncode]

You're forgetting that spam has all the "substance" of an electron on a diet. You'd be lucky to light a match with the energy released by even a million spams a day colliding with anti-spam.

I don't remember opting in

[Backov]

So why should I opt out?

counter-spam to drive spammers out of business

I use spamassassin, and other people can use whatever works for them, but none of that will stop spam. It only stops spam going to you, not all the spam on the internet. The "a plan for spam" article argues that blocking 99% of spam will change the cost structure of the spammers and make them unprofitable. I dont agree. 99% of spam is going to people who will not buy the product anyway, so it doesnt matter if we block it or not. There are still 0.000015% of people out there who actually want the spam product and who reply and fund the whole effort.

To make spam unprofitable, we would have to drive up spammer's cost of processing orders. One way to do this would be to turn the tables on the spammers and send false replies to them. Basically, launch DoS attacks against any contact information (reply-to, URL, phone number, etc.) listed in spam emails. That will mean that spammers will get 1,000,000 responses when they send out 1,000,000 emails, but only 15 of those will be real customers, the other 999,985 will be bogus junk that the spammers will have to sort through or make the spammer sponsors sort through.

Spam Conference

[minas-beede]

Didn't this start out as a spam filter conference? Glad to see the broadening of focus.
Is there anyone planning to attend who advocates and understands open relay honeypots and open proxy honeypots? There should be. I'm trapping spam from Taiwan, to Taiwan, on my home system in Wisconsin right now by running Jackpot. What I trap depends on which spammer finds my "open relay" and on what he sends.

At work I got spam from all over, including from top spammers like Ralsky and Rizler. Spam for millions of recipients, stopped dead at the relay. By an obsolete Vaxstation 4000/90.

See: http://jackpot.uk.net/

Re:Spam Conference

[minas-beede]

Nevermind. I looked at the conference description - it's still filters. Too bad.

In Soviet Russia, Linux Deploys You!

Sorry, but it had to be said by somebody....

Re:Prevent SPAM instead of trying to deal with it.

[SnakeStu]

Thanks for the feedback. The inline frame is relatively new and there is already an alternative for browsers that don't support inline frames. A way to manually bypass it for a browser that supports inline frames but does so in a troublesome way is a worthwhile idea (even if rudely presented). I'll add that when I get a chance. It might be useful for my short stories as well, as they gain illustrations.

But you know how to contact them

[billstewart]

They've got a web site. They've got a press relations person named Joann joann@postini.com, and in Cyberspace, everybody's the press. They're ostensibly looking to hire people. You've got expertise they obviously need. And either they're Evil, in which case you won't mind blocking them, or they're Good Guys but have some bad customers they haven't caught, in which case they probably want to know, or they're clueless or overloaded, in which case their PR person ought to know.

Send spammers to teergruben and DNSloops

[billstewart]

A "teergrube" is a tarpit for email, which responds to smtp correctly but v..e...rrrrrr...yyyyyy.....ssssss..llll...oooo...w wwwww....lllll...yyyyyyyyyyy, and is designed to accept mail for a large number of bogus addresses that you arrange for spammers to find. It really doesn't burn much bandwidth to make a spammer take five minutes to send an email message, because you're spending most of the time waiting before sending back the next line of response, and some implementations can keep a lot of suckers busy in parallel. Most spamware, and most real email systems, can only keep a given number of sessions going at a time, so the more simultaneous sessions that are talking to teergruben, the less actual email they can send. If you want to get fancy and track the things down, that's fun too, and the teergrube can hold the spammer's session open long enough to get ahold of their ISP (if they've got a responsive ISP)

Different ways to help spammers find them are to put them on web pages, or to have a spider-trap just waiting to generate them for web crawlers, or of course to be sure to unsubscribe them to all the spam unsubscribe addresses you've got, as well as the yes-tell-me-more addresses. They're more fun if you've got a lot of domain names to play with, but even if spammers kill off dangerous domains, you can trick some of them by doing addresses from lots of different thirdlevel domains, like alice@aardvark.example.com, alice@aardwulf.example.com, ... alice@zymurgy.example.com, bob@aardvark.example.com, ... And just to make things fun for the harvesters, you might as well make sure they've all got web pages pointing to a couple of other subdomains on your system.

If you want to get fancy with DNS, you can also set some of your subdomains to point to known open relays, if you happen to know anybody. Instead of having the spammer deliver all the email directly to aardvark.example.com, you can tell them that aardvark.example.com is at an IP address that's that misconfigured machine in Korea that's been spamming you, and have _them_ get teergrubed also.

Re:Send spammers to teergruben and DNSloops

[littleRedFriend]

Thanks for the reply, I looked into it. Interesting +N.

Last Post!

[alpg]

It turned out that the worm exploited three or four different holes in the
system. From this, and the fact that we were able to capture and examine
some of the source code, we realized that we were dealing with someone very
sharp, probably not someone here on campus.
-- Dr. Richard LeBlanc, associate professor of ICS, in
Georgia Tech's campus newspaper after the Internet worm.

- this post brought to you by the Automated Last Post Generator...

Last Post!

[alpg]

This "brain-damaged" epithet is getting sorely overworked. When we can
speak of someone or something being flawed, impaired, marred, spoiled;
batty, bedlamite, bonkers, buggy, cracked, crazed, cuckoo, daft, demented,
deranged, loco, lunatic, mad, maniac, mindless, non compos mentis, nuts,
Reaganite, screwy, teched, unbalanced, unsound, witless, wrong; senseless,
spastic, spasmodic, convulsive; doped, spaced-out, stoned, zonked; {beef,
beetle,block,dung,thick}headed, dense, doltish, dull, duncical, numskulled,
pinhead; asinine, fatuous, foolish, silly, simple; brute, lumbering, oafish;
half-assed, incompetent; backward, retarded, imbecilic, moronic; when we have
a whole precisely nuanced vocabulary of intellectual abuse to draw upon,
individually and in combination, isn't it a little to be
limited to a single, now quite trite, adjective?

- this post brought to you by the Automated Last Post Generator...