Slashdot Mirror
My Short Life As An Unintentional Porn Spammer
Freerange writes "Mike Masnick wrote up his experience getting slammed by a somewhat new kind of spam attack that doesn't get much hype (yet?). A spammer spoofed his personal email address as the 'reply-to' for a batch of spam, with interesting results for Mike: "I can
now answer the questions 'who replies to spam?' and (should anyone ever
wonder) 'what are the hundreds of variations on bounced messages?'" From Politech."
Spammers have been spoofing legit addresses for a while. I know a lot of times they'll simply use webmaster@somelegitdomain.com and basically cause that person a bunch of grief and headaches. Most users are too clueless to realize it's really not coming from that address.
Obviously, legislation isn't catching up and as evidenced by the junk fax law is useless when it does. Technical minds built the Internet, and I have little doubt that a solution could be found once we quit looking for the quick fix.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Sure you can filter it, but you haven't stopped the bandwidth that you paid for from being sucked up.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
I gave Testimony to the Missouri House of Reps on Jan. 29th.
It's easy to get things in motion, everyone is too lazy to try though.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
it's now illegal to provide any false information while using oral communication. specifically related to, but not limited to, false information regarding the name of the communicator.
spam spam spam. if spam should be illegal, so should any form of unsolicited communication. that includes conversing to persons without their permission at the local pub.
i'm personally in favor of a more liberated
government system, but if we want our legislatures to make rules, let's make it a level playing field , not just fix the annoying problem we have of spam (that is created because of a technical deficiency in the overall system of itself).
If so, perhaps spamware like SpamAssassin could be modified to intentionally bounce mail?
nuclear iraq bioweapon encryption cocaine korea terrorist
This domain was used by a spammer, they sued and won. http://www.mids.org/mn/803/spamset.html
Michael Loves Me!
I pay every penny of my T1 cost and we're already looking at jumping to T3 for more bandwidth.
So just to put things into perspective... Every piece of spam comes through:
1. Eats a little bandwidth
2. Eats up a little CPU doing filtering.
3. Eats up a little bit of CPU doing virus filtering.
4. Eats up a little bit of disk space.
Now you say most americans don't pay by the bandwidth, this is true, but they do pay FOR the bandwidth. For instance, all of my customers pay for the shared resources on my server. If one customer gets 50 million pieces of spam in an hour my server has come to a crawl and all of the customers who paid for hosting service are interrupted.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
or the source IP address of the sender is not registered to the same domain that the mail originates from
Do you mean that the server should ensure the source IP isn't masqueraded, or that the originating domain in the From: header should match the domain of the IP address? In the latter case, refusing mail from mismatched domains would prevent me from using my email address at school when I send mail from home via my ISP. That's an important convenience I wouldn't want to give up, and I suspect that many more people use this feature.
I do agree with the rev DNS lookups and I think most well-configured SMTP servers already do that.
So long, and thanks for all the Phish
Can I turn off HTML email in Outlook? Sorry for the stupid question that Google would probably answer for me.
Random is the New Order.
Now, all we have to do is get the super spamfilter to think that all the reply-to addresses are JacksonRoyKirk@ufp.mil
"Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
Um.. those are three very pretty all caps words... but they don't have a lot to do with this article. They aren't talking about open-relay abuse here.. During the course of an SMTP transaction, there are two important identifying lines:
HELO
and
MAIL FROM:
Many SMTP servers will do some sort of verification on the HELO line, but very little can be done about the FROM line. You can't easily kill addresses that don't match the HELO domain because legitimate mail relays would be unable to forward your mail on then.
I can send you a piece of mail that will display bob.hope@whitehouse.gov as the from address. If Bob had that address, and people replied to the forged address, he'd be getting the blame for my spam.
It sucks.
All I wanted was a rock to wind a piece of string around, and I ended up with the biggest ball of twine in Minnesota
The FBI routinely sets a high threshold before it will get involved, and it sounds unfair until you consider they are *tiny* compared to local law enforcement. Similarly, the entire federal judiciary has fewer judges than California.
:)
Did you look at state law remedies, call the attorney general, that sort of thing? I'm not faulting you if you didn't, I'm just ignornant of whether there a meaningful alternatives.
You could have sued the guy personally in small claims, although the dollar value was low. But there's nothing wrong with a little spite.
You could actually do something, like filing a request for support at Sourceforge. Their support guys are extremely responsive. You should've done so as soon as you had noticed the problem instead of blaming "sourceforge" as a whole for some technical glitch that was correctable.
I was the target of a joe-job since last April. A spammer advertising a Human Growth Hormone website based in China was sending out tens of thousands of spams over a long period, with my long-held email addy in the From: address.
The vast majority of the mails you get back are administrative emails saying that "the user does not exist." There is also a small amount that you get that are ill-informed, ignorant, and often very inflamed responses from people who respond.
At the peak of the attack, I got over 14,000 emails in a single day. It almost caused me to have to give up my email address, which I had held for almost seven years at the time. I didn't want to give it up so easily.
My solution was to install and use the Tagged Message Delivery Agent (http://www.tmda.net), which is a whitelisting service. It has my admiration for rejecting 100% of the unwanted emails for two reasons. First administrative accounts don't reply to their whitelisting requests, and second, ignorant angry users don't bother to reply to get whitelisted anyways.
As for the question of why someone would do this, I have thought of three reasons:
- To make their spam look more legitimate.
- Just to cause general havoc
- Because I have, in the past, not hesitated to complain to service providers about spam. This was probably retribution.
I did attempt to bring some form of legal action into the fray. I talked informally to Scott Frewing, a US attorney (one of the prime players in the Skylarov case), about the attack. He referred me to the FBI's online fraud folks, but couldn't really give me much encouragement on the chance of the success, since the spammer's website was located in the China Telecom domain, although the company it claimed to represent was in New Jersey. In fact, he told me I would probably be better off pursuing the case strictly on the basis of fraud and possible identity theft (the use of my email address) rather than as a spam case.
I stopped pursuing it after talking to Frewing.
In any event, I have won the battle in the sense that I will never see the unwanted mails. But I have lost the war in the sense that I can't really make the F*CKER stop doing it, and it does consume resources on my linux box.
-- Mojo Tooth : exploring our world as only an idiot can.
I had a different but similarly disturbing experience recently. A domain I host has the same name as a fairly large ISP in a neighbouring country (just the tld is different). A spammer started sending floods of messages with made up rcpt (aaa@domain, aab@domain, etc) addresses to it.
The sender address was a similar auto-generated hotmail address. When I found out what was going on (on a sunday night) because the sysload went up, my mailqueue contained over 50000 undeliverable messages.
I blocked the sending address with an ip table rule and mailed the Irish ISP. The next morning the connection attempts were still bouncing of my firewall and the ISP never replied.
These guys are beginning to do more and more damage...
Xenna
I've never understood why people don't put "Press a key" instead. The intelligence-challenged can search out the `a' key, which will work, and the rest of us will know that all the others'll work too. Plus it's two characters shorter -- benefits all round!
Ceterum censeo subscriptionem esse delendam.
There's a huge difference between can and should.
Anyone can use a computer.
Some people shouldn't.