Slashdot Mirror

← Back to Stories (view on slashdot.org)

How to Kill Spam Without the State

Posted by CowboyNeal on from the at-least-bruise-it-real-good dept.

WaxParadigm writes "The Colorado Freedom Report, an online libertarian publication in Colorado, has an article today about How to Kill Spam Without the State. Will our heavy-handed attempts to stop spam through legislation have the outcome we desire?" The article advocates putting the burden on the end user, saying "We must also take personal responsibility to kill spam. We can't pretend the politicians will do it for us. Their incentive is to develop a cute re-election flyer, not solve the problem. If you're still tempted by the political approach, ask yourself one simple question: who is more technologically savvy, your average spammer or your average politician? There are steps each of us can take to kill spam, and to help foster a culture that encourages spam killing." While this forgets the onus of spam on the ISP and telco companies, it should well be part of a multi-tiered plan against spam.

6 of 517 comments (clear)

  1. We can stop it ourselves... by zer0harm · · Score: 3, Informative

    Here in New Zealand we just post spammers personal details in major newspapers... http://www.ananova.com/news/story/sm_811235.html?m enu= Followed up with threats and obscene phone-calls, this is an effective tactic. There are now up to 100 million less spamails per day.

  2. Re:Again by platypus · · Score: 4, Informative

    There is the technology available to avoid spam. Spam blacklists, Bayesian filters, and Challenge-Response systems will handle the vast majority of spam, if not all of it.

    And all of these either have either costs, drawbacks, or don't really solve the problem (i.e. Bayesian filter on MUAs don't avoid the traffic etc.), while I can't for the life of me find anything bad on the thoughts of spammer rotting in jail.

    </half joking>

  3. Re:Spamcop sucks by Phroggy · · Score: 4, Informative

    I just got a legitimate email returned because spamcop claims that the smtp server of the webhosting provider has an abnormal rate of spam.

    Your e-mail was returned because whoever runs the mail server you were trying to deliver the message to has chosen to bounce mail from any IP in SpamCop's blacklist, which SpamCop has always recommended against. Complain to the people who made that decision, not SpamCop.

    And, the reason the IP is listed in SpamCop's blacklist is probably because the server you're relaying your mail through has also been relaying spam, and people have complained about it (using SpamCop's reporting service). Go here to find out exactly why an IP is listed, along with sample e-mails that users have reported as spam and some statistics about how much spam has been reported from that IP.

    The worse thing about spam is that filtering systems create false positives...

    SpamCop says this is why their blacklist should not be used to block mail. Their list is entirely automated; it's based on reports from users, and SpamCop does not verify it. Read more on SpamCop's site about exactly how it works.

    My provider requires authentication but everyone knows that you can create spam using a IP address from a well behaved smtp server.

    SpamCop is really very good about identifying where a message actually came from, not just where it's been relayed through - unless there's something suspicious-looking about the server it's been relayed through (such as, for example, the hostname the server identifies itself as [the Dj line in sendmail.cf] doesn't resolve to the server's IP).

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  4. How to fight spammers by __past__ · · Score: 3, Informative
    There are ways to directly fight spammers without waiting for new laws, and without delegating the problem to someone else. Client-side filtering is no solution, the spammers don't care much - people who filter wouldn't have bought from them anyway - and it still causes massive bandwith cost.

    One of the nicest ways is a "teergrube" (tarpit) - a special SMTP server that is tuned to process incoming mail really, really slow, thus making the spammer's tools very ineffective. It doesn't take much bandwith or other resources to run one - everybody who has a computer connected to the net and doesn't need to run a "real" mail server (or is willing to configure a teergrubing proxy that only traps spammers and lets the real MTA take care of ham mail) should do so.

    Most spam is sent via open mail relays. If you are bored or annoyed enough, take the time to read spam mail headers (the interesting one is the last "recieved" line, usually), and inform the admin of the open relay, so that they can close it or get the fuck out of the internet. Also, inform a blacklist like the Open Relay Database, so that mail servers will reject mails from these hosts.

    Try to poison they address databases. Set up a web page invisible for human users that contains lots of addresses that don't exist. But be sure that these addresses also will never exist - only use subdomains that you control, or those mentioned in RFC 2606 (Reserved Top-Level Domain Names), hoping that stupid spamware will try to send to these addresses anyway.

    None of this is at odds with client-side filtering or legislative initiatives, just some additional ideas. And annoying these bastards feels good.

    --
    Programming can be fun again. Film at 11.
    1. Re:How to fight spammers by scrytch · · Score: 2, Informative

      > One of the nicest ways is a "teergrube [iks-jena.de]" (tarpit) - a special SMTP server that is tuned to process incoming mail really, really slow, thus making the spammer's tools very ineffective.

      Feel free to suggest such a solution to earthlink, MSN, and AOL. Here's a clue: spammers don't send hundreds of spams from single IP's anymore. That's what relay networks are for.

      > Most spam is sent via open mail relays

      No, it's usually open proxies now. Proxy talks to local network mail server, local network allows relaying. Very different problem. The emerging new method is viruses, c.f. the Sobig network. The very last (top to bottom) Received: line is usually forged, the interesting one is the one right before the last mail server you trust. Everything chronologically before that is suspect and probably bogus.

      > Try to poison they address databases. Set up a web page invisible for human users that contains lots of addresses that don't exist.

      These are weeded out fairly quickly. Better to seed it with "probes", aka honeypots or spamtraps, which helps identify spam senders proactively.

      --
      I've finally had it: until slashdot gets article moderation, I am not coming back.
  5. Mailing Preference Service by radio4fan · · Score: 3, Informative
    From the article:

    While people get all kinds of junk mail, nobody's calling for a "do not mail" list.


    Why not? We have one here in the UK -- the Mailing Preference Service.
    If you sign up to it, direct mailers are forbidden to send you junk mail. The direct mailers have to pay its costs, and it's mostly effective.

    They even have a 'baby mps' to stop bereaved mothers from receiving baby-related junk mail/samples.