CDT Releases New Report on Origins of Spam
Carnth writes "CDT has released a new report based on a six month project entitled "Why Am I Getting All This Spam?" The results offer Internet users insights about what online behavior results in the most unsolicited commercial email and also debunk some of the myths about spam." A very good report - read it. There's also a story about yet another sleazy spammer in Ohio.
I managed to grab the PDF before the server was trampled by the swarming masses.
Mirror is here.
1) Sign up on an internet gambling site.
2) Register a domain name.
I have multiple domain names and I know for certain that much of my spam originated from either scanning the whois database, or someone selling the e-mail addresses from there.
I don't gamble, but I noticed that the java applets that were used for 99% of the gambling sites were all from the same place. In other words, if you want to start a gambling site, but you don't want to write software - you can pay to use the java applets of this one company. There is some rebranding that goes on - but in the end, it all goes through their servers and uses their code.
Because of that, I figured if there were any holes in the software, that would mean a whole crapload of open spots out there. So out of curiosity I registered at a gambling site and then looked at the source (you can get the source from a java applet).
After that, my spam increased exponentially - the immediate group was spamming me, as well as selling off the address - which then gets repeated over and over.
I use spamassassin now and I have it tweaked to the point where out of over 100 spams a day, I only have 1 get through - and that is because the code times out and lets it through, not because SA hasn't caught it.
I first installed it in January and in that time have only had it once grab mail that it shouldn't have - from my mom. I added her to the whitelist and have never had a problem since.
I use one of the more recent 2.60 versions, have the spam threshold lowered to 3.5, and I have tweaked a few of the score settings. Works great for me.
There are some odd things afoot now, in the Villa Straylight.
The FTC already filed a complaint and had a preliminary injunction against Childs back in April. See the press release for more information. The article mentions he lives by Riverside drive in an apartment, could be with Linda Lightfoot, the woman mentioned in the complaints with him?
Life shrinks or expands in proportion to one's courage. - Anais Nin
Yea, but you should try working for a public institution. Our e-mail addresses are public domain and have to be given to anyone who asks. Thank god for Mozilla's filtering. That's gotten me down to only 20 or so a day that I have to deal with.
At this point I'm praying for legislation that makes UCE illegal to government entities! You would think it would be misappropriation of resources or something. But the Ashcroft says no, I guess he is too busy chasing terrorists.
"I'm just here to regulate funkyness." - James Gandolfini, as Winston in The Mexican
Yeah, this guy is a real success story to be imitated.
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
I would suspect that many bots convert % symbols now. It would only take a pass through a standard URL encode/decode function.
There are better obfuscators available.
Are you in your own address book? If so then this is likely the case, an easy trick. And if so then here's a tip for next time: check the email addresses you're getting them from to make sure they aren't in your address book.
You little nutjob :) That'll blow away the aliases file.
:)
You need to use >>.
Here's what I presume to be home address of the spammer named in the article.
ABUSERS: C. Fielding Childs
cf_childs@yahoo.com
Bulker's Paradise
4132 Pompton Ct.
Dayton, Ohio 45405
FAX: (937) 275-3741
ALSO: Charles Fielding Childs, Jr.
"MAIL ORDER ALLIED COMPANY"
2936 Melbourne Ave.
Dayton, OH 45417
Some of the CDT's conclusions do seem obvious, but others really contradict prevailing beliefs. For one thing, they found that opting out of future mailings generally didn't result in the email address being sold or shared, thus attracting even greater quantities of spam. It's also surprising that addresses harvested from the web fall into disuse rather quickly, and that the harvesting programs aren't clever enough to overcome very simple obfuscation.
I'm a little sorry that the CDT pointed out that last bit, though; it shouldn't take more than a few minutes to upgrade harvesters to interpret these concealed email addresses. On the other hand, maybe spammers figure that anyone bright enough to use HTML codes or Javascript isn't likely to buy their snake oil.
One of the funnier (to me - others likely hate it) things I've seen are those "somebody has a crush on you" sites. You then have to "guess" who sent you the thing, so you put in emails and it collects them. I don't think that anyone ever really sends you anything, it just says that, then collects all the emails that generates and then tells those people that someone has a crush on them, etc etc.
Then that list can be resold.
I have my email address up on slashdot, I have it on my webpage (current and an old school one). I have posted to various discussion boards, yahoo groups, newsgroups, mailing lists, etc. I have purchased online from literally hundreds of online stores (I pretty much only buy anything aside from dinner online).
Out of all of those, I definitely saw increases in spam coming in - but it wasn't huge increases until the two things that I mentioned up there - the online gambling and the domain registration.
There are some odd things afoot now, in the Villa Straylight.
The Dayton Daily News article discusses Charles F. Childs, an Ohio native. Last year I testified before the Ohio Senate Commerce Committee regarding a proposed spam bill. That bill was later passed into law. Among other things, the bill has opt-out requirements, requires a pre-existing business relationship, and makes it a felony to forge headers and/or abuse open relays or proxies to send email. I would imagine that Mr. Childs, and another Ohio spammer, Tom Crowles, are in violation of some or all of the provisions of the Ohio spam law. Here's a new get rich quick scheme for you: hire an attorney and start collecting damages from these scum (up to $100 per email plus legal expenses).
The pitch for YASS (Yet Another Silly Script) aside, that solution isn't exactly 'better':
Of course, two of three of those problems can be overcome through inclusion of the script as an external resource (rather than an inline element) with some tweaking of the code presentation. But the 'solution' arbitrarily excludes a (likely small) population of users from actually accessing your email address.
If the whole point is to hide the actual email address, push it to the server-side (peddling a client-side JavaScripted solution is sub-par) and use a contact form. If the point is to present the actual email address (in cases where hiding behind a contact form sends the wrong message to your audience), I'm not certain turning to JavaScript offers all that much protection over plain markup obfuscation. Logically, it might, but at what additional cost?
I remain skeptical that HTML character encodings are enough, but perhaps it is so (still) given the CDT finding. One might combine it with the table-split solution offered up-thread. Turning to JavaScript doesn't offer enough demonstrable benefit to warrant usage.
Now, if one would conduct a nice controlled study of the differing techniques...
Very sorry. :-) As long as the mail server is running qmail and you have shell access, you can set up qmail files for any given "extension." .qmail is what happens to mail sent to username@domain.tld. .qmail-yahoo is what happens to username-yahoo@domain.tld.
And, if you want to accept everything that starts with your username, you set up .qmail-default. That will catch everything that isn't just sent to username@domain.tld (that has to be handled by .qmail) and doesn't already have another file handling it.
So, you can have .qmail which handles mail to just username@domain.tld, a .qmail-yahoo that handles everything to username-yahoo@domain.tld, and .qmail-default which handles everything else that starts with your username.
This info is pretty much available in the man page "dotqmail" and some info may be found at the author's web site at http://cr.yp.to/qmail.html
or the Life With Qmail web site, http://www.lifewithqmail.com/.
Apparently, of the rich, by the rich, for the rich.
I read the report and was immediately struck by the fact that email addresses posted to us.jobs newsgroup received ZERO spam. Don't try this in alt.sex.erotica, however, as that newsgroup received the most spam. Further proof that pr0n really is the driving force behind the internet... p.s. now you know where to post email addresses of thy enemies
pot.kettle(black);
Not new. In fact quite common.
I use Evolution and it can block loading images from the web.
Buy a Nintendo DS Lite
I have posted an HTML version of the report at http://www.cdt.org/speech/spam/030319spamreport.shtml. Thanks for your interesting comments, I am collecting them for ideas for future research projects. Mike
|exit 100
The 100 exit status causes all mail to that address to bounce, not just get sent to /dev/null. And a bounce is the most reliable way to get off a spam list. AFAIK, qmail is the only MTA that allows user-level control of bounces like this.
This article tells you how to set up a rule that will detect HTML mail in Mail.app:
Add an HTML filter to catch more spam in Mail.app
It works great!
At least some harvesters decode the page before searching it for addresses, and several advertise the ability to get through the "bob at domain dot com" subterfuge.
But, we also have several domains that have no mail address set up, except those required by RFC. They routinely get spammed, even when no email address was used in creating the domain.
Lots of good advice, though!
Hey! That's nice! There's another way, using the "bouncesaying" program that comes with qmail. If you put this line in the .qmail file, you can actually control what the bounce says (though yours is nice because it's easy and looks more automated):
| bouncesaying "Better luck next time"
Apparently, of the rich, by the rich, for the rich.
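The per-extension handling discussed in the qmail comments above (`.qmail`, `.qmail-yahoo`, `.qmail-default`, and `|exit 100` to bounce a tag that has started receiving spam), modeled as a shell script. This is an added example, not code from the thread or from qmail itself; the user `alice`, the tags and the scratch home directory are constructed, and the lookup order is the one documented in the dot-qmail man page.

```shell
#!/bin/sh
# Added example: a model of which .qmail file handles alice-<ext>@domain.tld.
# Constructed sample data throughout; nothing here talks to a real qmail.

# Print, in lookup order, the .qmail file names tried for extension $1.
# An empty extension is plain user@domain, handled only by .qmail.
qmail_candidates() {
    e=$(printf '%s' "$1" | tr 'A-Z.' 'a-z:')   # lowercased; "." becomes ":"
    if [ -z "$e" ]; then echo ".qmail"; return 0; fi
    echo ".qmail-$e"
    prefix=$e
    while :; do
        case $prefix in
            *-*) prefix=${prefix%-*}; echo ".qmail-$prefix-default" ;;
            *)   break ;;
        esac
    done
    echo ".qmail-default"
}

# Print the first candidate that exists in home directory $1 for extension $2,
# or "(none)" when no file matches (an extension address then bounces).
qmail_resolve() {
    for f in $(qmail_candidates "$2"); do
        if [ -f "$1/$f" ]; then echo "$f"; return 0; fi
    done
    echo "(none)"
}

# Constructed home directory: normal inbox, one retired tag, one catch-all.
demo() {
    home=$(mktemp -d)
    printf './Maildir/\n'        > "$home/.qmail"          # alice@
    printf '|exit 100\n'         > "$home/.qmail-yahoo"    # alice-yahoo@ now bounces
    printf './Maildir-tagged/\n' > "$home/.qmail-default"  # every other alice-*@
    for tag in "" yahoo Yahoo shop-2003 first.last; do
        printf 'alice%s -> %s\n' "${tag:+-$tag}" "$(qmail_resolve "$home" "$tag")"
    done
    rm -rf "$home"
}
demo
```

Giving each site its own tag shows which registration leaked an address, and replacing only that tag's file with `|exit 100` retires it without touching the main inbox.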
In version 1.3:
Edit > Preferences > Privacy & Security > Images: Do not load remote images in Mail & Newsgroup messages (check!)
also, in Preferences > Advanced > Scripts & Plug Ins: Enable Javascript for News & Newsgroups (uncheck!)
This, along with whitelisting sites with popup windows and Bayesian email filtering should make your life easier.
Cheers
-- Andre