Slashdot Mirror


Spam Meeting Wrap-up

wendigo2002 writes "Get used to that daily flood of e-mail come-ons, Viagra offers and lucrative enticements to invest in Nigerian pyramid schemes. Internet gurus, software designers and lawyers today ended a three-day Federal Trade Commission discussion on combating spam by concluding neither technology nor laws are yet capable of completely dealing with the plague."

8 of 188 comments

  1. Maybe not completely... by spiney75 · · Score: 2, Informative

    ...but SpamAssassin in combination with Razor and Distributed Checksum Clearinghouse works quite well on most mail servers I've seen.

  2. Washington Post coverage by Kappelmeister · · Score: 4, Informative

    The Washington Post takes a slightly more sensationalist take on the "bare knuckle," "historic" forum.

  3. Spam is dead by ajs · · Score: 4, Informative
    Get used to a mailbox full of ... whatever you want, including nothing.

    Spam tools are currently at the point that detection of spam is a near-certainty and the probabilities for false-positives (e.g. good mail getting called spam) are measured in the 0.00n-0.0n% range (that is n in 100,000 to n in 10,000) which can almost always be improved on locally by the user through various means that are anti-spam-tool independent.

    SpamAssassin is currently my tool of choice. It's very flexible, can be used with any UNIXish mailer and is just getting frighteningly better over time.

    SA's recent addition of Razor2, a Bayesian filter and improved handling of DNS blacklists (which SA weights so you can apply them without worrying about slicing large and useful parts of the Internet out of your field of view) have reduced many concerns that folks had before about active abuse of SA's rule-base in the past. The speed with which this system applies hundreds of tests to a message is also quite stunning, and a major boost to Perl's tacit reputation as a "slow" language.

    The biggest problem with SA right now is probably the inability to scale up to the mid-range ISPs and medium-sized business without SERIOUS hardware allocation due to the heavyweight nature of its testing. That's my personal mission for SA over the next year or so. My goal is to make SA a reasonable option for anyone that has to process orders of magnitude more mail than your average ISP (e.g. AOL).

    When the upcoming 2.54 comes out, I HIGHLY recommend checking it out. You can install SA on most UNIX-like systems, as long as they have Perl installed, by typing (as root)
    perl -MCPAN -e shell
    following the configuration process if you have not done so for Perl before, and then typing
    install Mail::SpamAssassin
    After that it's just a matter of how you want to configure your MTA to talk to SA. I recommend using SA in "spamd" mode with sendmail and procmail. If you already use sendmail with procmail delivery, you just have to change your .procmailrc by adding rules to invoke SA, and there are good examples of that on the SA site. You can also use qmail (officially qmail doesn't support this kind of thing, but if you use the standard set of patches that most everyone has to apply, it's reported to work fine) and postfix (though postfix has some complexity when it comes to setting up any kind of uni-directional filtering).

    Good luck!
  4. Re:They needed three days to figure this out? by jaa · · Score: 2, Informative
    For the time being:

    POPFile Bayesian filtering (works on multiple OSes)

    Postfix w/experimental reject_unverified_sender

    reject_unverified_sender works like this:

    1. mail arrives from sender@example.com for victim@localdomain.com
    2. Before allowing the dialog to progress past RCPT FROM, postfix attempts to send mail to sender@example.com. The mail connection is never completed -- just the MAIL FROM and RCPT TO are attempted, so sender@example.com never receives any email as a result of this probe. (postmaster might note a log entry for NULL connection...whatever).
    3. If example.com's mail server says "sender@example.com: no such user," the incoming mail connection in #1 is refused.
    4. If example.com's mail server accepts mail for sender@example.com, the mail connection for #1 is allowed to proceed.
    5. If example.com's mail server takes too long to respond, the mail connection for #1 is given a 450 (try again) response. By the time the sender's server tries again, the attempt to verify sender@example.com's address should have succeeded, and will be cached by postfix.

    Add sbl.spamhaus.org and list.dsbl.org RBLs (very, very low false positives), and watch the spam disappear.

    --

    Never meant half of the things I said to you. So you know, there's a half that might be true - G. Phillips
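
Added example, not part of jaa's comment and not Postfix code: a Python model of the verification flow in steps 1-5 above (probe, cache, and the 450 deferral). The class, the `make_remote` stub server and the 550 reply for "refused" are assumptions of this example; a timed-out probe is modelled as completing when the sender retries.

```python
import time

OK, BAD, PENDING = "deliverable", "undeliverable", "pending"
# 450 is the code the comment names; 550 for "refused" is this example's assumption.
REPLIES = {
    OK: (250, "Ok"),
    BAD: (550, "Sender address rejected: undeliverable address"),
    PENDING: (450, "Sender address verification in progress"),
}

class SenderVerifier:
    """Models the described decision flow; not Postfix's implementation."""

    def __init__(self, probe, ttl=3600, clock=time.monotonic):
        self.probe = probe    # callable(addr) -> RCPT TO reply code, None on timeout
        self.ttl = ttl        # hypothetical cache lifetime, seconds
        self.clock = clock
        self.cache = {}       # addr -> (state, expiry)
        self.probes_sent = 0

    def _run_probe(self, sender):
        # MAIL FROM + RCPT TO only, then disconnect: no message is delivered.
        self.probes_sent += 1
        code = self.probe(sender)
        if code is None or not (200 <= code < 300 or 500 <= code < 600):
            return PENDING    # timeout or 4xx: undecided, do not cache
        state = OK if code < 300 else BAD
        self.cache[sender] = (state, self.clock() + self.ttl)
        return state

    def check(self, sender):
        """Return the (code, text) reply for an inbound MAIL FROM."""
        state, expiry = self.cache.get(sender, (None, 0))
        if state is None or expiry <= self.clock():
            state = self._run_probe(sender)
        return REPLIES[state]

def make_remote(slow_first=()):
    """Constructed stand-in for example.com's mail server."""
    mailboxes = {"sender@example.com", "slow@example.com"}
    timed_out = set()

    def probe(addr):
        if addr in slow_first and addr not in timed_out:
            timed_out.add(addr)
            return None       # first probe takes too long
        return 250 if addr in mailboxes else 550
    return probe
```

Because both accepted and rejected results are cached, a forged address costs one probe per cache lifetime rather than one per message, which limits the probe traffic sent to the third-party server.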

  5. Spam by DaLiNKz · · Score: 2, Informative

    I have two different issues with spam:

    One, my email address that I use for almost everything for the past 4 years only receives 1 or 2 spam a day. The address I used for 3 months receives 100-150 spams a day, it is impossible to use that address for anything.

    Now I use two email addresses, one for things like MSN and registering to forums and websites that go to a drop box and then my main address that I only give out to people these days. It's useful, even behind the current spam filters we have on the mail server it gets 8-10 spams a day.

    --
    I've left to find myself. If you happen to see me, please, keep me there until I return.
  6. SpamAssassin plugin by TheFlu · · Score: 2, Informative

    I've been using SpamAssassin along with the Razor and DCC plugins and it works very well, 99% of the spam that enters my Inbox is clearly labeled as such. However, does anyone know of a piece of software that will automatically add the IP address of the mail server that sent the spam to my sendmail access.db reject list? If there isn't such a thing, already, I could probably write one myself, but I don't want to go through the effort if it's already been done.

  7. Re:traceability, or send-risks-paying? by Zeinfeld · · Score: 2, Informative
    One thing, which works fairly well, and works now, is SPEWS (www.spews.org).

    SPEWS is used but you will find it very hard to find any ISP that admits to it. The problem is that SPEWS is amazingly careless and sloppy.

    There are now 400 blacklists and as a result ISPs rarely do very much if they get listed now. They might contact MAPS and get unlisted, but MAPS is not that effective at blocking spammers any more. The ISPs have decided that the sooner everyone is on SPEWS the better, trying to get off the blacklists would cost a fortune.

    It was quite noticeable at the FTC panel that even the blacklist people could see that there were enormous problems with what they were doing. Their answers were pretty evasive and they kept contradicting themselves. Julian started out by saying his was a 'high collateral damage' list, use it as one input to the filtering decision. Then a few minutes later he says that blacklists are the only way you can filter without having to accept the email and tie up your server - so what is it?

    Of course the reason we have irresponsible blacklists like SPEWS is because of the legal tactics of the spammers. E-MarkettingAmerica is not in business to make the world a better place. Their lawyer served two of the blacklist people with writs during the conference and was somewhat emotional during one of the sessions.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  8. Re:Why do you need to do a rewrite? by greenrd · · Score: 2, Informative
    In a way, I guess you are correct, but it's a black hole that's configured by the receiving system.

    Who the fuck do you think configures existing blackholes? The US government? Aliens? No, it's individual site administrators. They may choose to run with an unaltered public blacklist, but that's not inherent in the blacklist paradigm.