Spammer DDoS-By-Virus On spamhaus.org
McDutchie writes "Steve Linford of Spamhaus announced in a press release that the latest Wintel virus, W32/Mimail-E, was created by spammers for the specific purpose of DDoS'ing Spamhaus, Spamcop, and SPEWS. It's becoming more and more clear that the spambags are the ones behind the recent mess with the Windows viruses. They must really be getting desperate."
Seriously, I've been getting less spam lately thanks to filters. Sure, it's not gone entirely, but it's a lot less of a hassle than it used to be. I sure hope this is a sign of things to come... If they're this desperate to stop anti-spammers, they gotta be in their throes of death.
Ironically, the spammers who try to "get tough" in this way will probably end up putting themselves out of business. They've only survived this long because of relative obscurity, but once these extra-malicious spammers are caught, there won't be much in the way of goodwill for the other, questionably legal ones. Good riddance.
I wonder if this will be quickly followed by a press release on being slashdotted..? The world's friendliest DDoS attack..
Chris, taffie down under..
...that the death penalty would be inappropriate for these people? I sure can't see why it would be.
Spammers have been DOSing internet email for years. Now they're simply adding their attacks to another protocol. Think about it.
I like this NANAE post by Steve Linford much better. Especially the last paragraph.
bet you 10 karma that your spam has virus on it.
W32/Mimail-E, was created by spammers for the specific purpose of DDoS'ing Spamhaus, Spamcop, and SPEWS.
And in phase two of the attacks spammers craftily create stories containing links to the target spam lists and post them on slashdot. LFTL
It could very well be a diversionary tactic and it is best left to law enforcement to decide who the real culprits are.
"really getting desperate"
yeah right, sounds like Bush about Iraq
First DDoS and now a slashdotting...tsk tsk tsk...
I've said it before, the feds should stop looking for super-uber-mega crackers. The biggest, most expensive, and most damaging ONGOING computer crime is spam. They're not idiots, and they're not harmless nuisances. They're quite capable, and have hired on many technically proficient guns to do their dirty work, cracking systems, running hordes of zombies, and trying to find exploits in every commercial and non-commercial system so they can send out ever more spam.
Get to work on eliminating spammers and much of our current crop of computer-related woes will just GO AWAY. The only people who would hate for this to happen are the spammers, the hired guns, and companies like Symantec...
This is great news!
Now we're one step closer to linking spam to al Qaeda. These viruses are terrorist actions, and are demonstrably more dangerous even than Iraq's nukes!
Once we somehow link spammers to September 11, we can invade them (or maybe just throw them in jail where the other inmates can do the "invading").
So how about using Bitkeeper or Freenet or Gnutella to distribute spam blacklists and other information?
-- Ed Avis ed@membled.com
Anything that brings "spam" and "viruses" closer together in the public eye is bad for spammers in the long run.
And fortunately for the rest of us (or unfortunately depending on your point of view), this type of behaviour just makes spammers more of a target for legislation and law enforcement.
I'm a perfectionist but I'm trying to cut back.
Filters, yes. Spamassassin, yes. Antispam registries (think SPEWS), no.
Lists of IPs for "antispam" purposes, drive me bananas. I normally run an MTA on my machine, and don't see any reason to relay mail (slower notification of problems, have to remember to change the relay whenever moving from network to network, etc), and there are groups like the DUL that just block swaths of IPs from sending email.
I hate getting spam too, but not as much as I get screwed over by stupid antispam "fixes".
I'm all for antispammers and spammers beating each other up. They both suck.
This whole thing is just a massive upheaval over the fact that Free Email Everywhere Just Doesn't Work. It's whitelists sooner or later, anyway.
May we never see th
It seems a long bow to draw to assume that all of them do so.
First they spam us and now they do even infect us with viruses... when will it ever stop?
I don't really get it, while spam is increasingly annoying (although I use a highly customized spam assassin filter I still get about 10 unwanted mails) writing viruses is plainly illegal. But what's the reason for DDoS'ing these sites? The only way to fight the spam is to use mail filters. If people want one they have to customize it themselves to make it actually work.
If the spam keeps increasing as fast as it has in the past few years, the future of mail will be dark... here is my vision: (behold!) you will have a "buddy" list of friends or coworkers similar to instant messaging services such as ICQ and MSN Messenger and only mails from "trustworthy" origin get actually forwarded to your mailbox. not so cool, isn't it? but imho it's the only way not to have to delete several dozens of spam a day. (and what annoys me most -> i sometimes accidentally delete mails from friends because they are hidden underneath masses of spam.)
yours
johannes
".Sig Stealer" was here
it goes without saying that this is pretty sleazy, but unless they are idiots, whoever wrote this is probably sitting somewhere overseas. so, unfortunately we can bitch all we want about it being illegal, because no one is going to do anything about it.
time to continue using spamassassin. it works pretty much 100% for me. it's not really the most ideal solution (the ideal solution being saving the bandwidth used by spam by not allowing delivery), but it does save the man-time in trashing spam.
They must really be getting desperate.
This reminds me of the President claiming the increased rate of attacks in Iraq was a sign of progress. Since when does increasing sophistication demonstrate desperation?
Do me a favor and double it!
These sites should turn their evidence over to the FBI. There's now good reason to go after the handful of individuals responsible for most spam.
Because they'll be about the same size that the prison cells that you'll soon occupy after we track you down and prosecute you to the fullest extent of the law. It would be ironic if they served SPAM for dinner.:P
where do you get this notion that this has anything to do with the return address? it's a DDoS attack. bounces can't realistically flood a site enough to take down a DNS RBL (and if they somehow did, a temporary change in MX records would take care of that).
also legit mail admins don't launch DDoS attacks or break into other people's machines with viruses. give me a break. anyone who seriously considers doing such a thing deserves to be blacklisted.
I have found a useful friend with Mailwasher, For those of you that thought the war was lost, check out this beauty.
No direct links, Look it up for yourself.
"Honey, I feel a certain distance between us..." "Really? A 31ms ping ain't that bad..."
I'm finding it very difficult to keep up with all these anti-terrorism/Homeland Security/Patriot Act laws. Didn't they create some law or other where sending computer viruses and DoS'ing constitutes an act of terrorism?
When life hands you lemons, grab the salt and pass the tequila...
I don't think anyone can be that stupid... Uhh.... hmm. Nevermind.
Recently my cable internet service was suspended. Upon calling tech support I was transferred to the fraud and abuse department, you can imagine the look on my face. The techie told me that my access had been suspended because a computer on my network was infected with the welchia worm. The techie was kind enough to even provide me with the MAC address of the offending machine. I was surprised because my mixed network of 10, linux and windows machines, is kept up to date with the latest security patches. After checking all 10 machines I found that none of them had the mac address supplied by the techie. Upon further investigation of my DHCP logs I found that my WiFi network, SSID free_as_in_beer had its first visitor. I left it open because I believe in free access and wanted to see if anyone interesting would enter the network. Unfortunately the mysterious computer was not logged in so I could not send a net send message to it, and it seems that the person would connect infrequently. I asked my neighbors and couldn't find the individual so I was forced to employ WEP encryption. Now I've got chalkings outside my apartment just in case someone with any bit of knowledge wants a free ride, but my point, yes I actually had one, thanks for reading was that I feel bad for grandpa and grandma with their 2000 model compaq connected directly to the cable modem for emailing the grandkids. I was fortunate enough to convince the ISP that my network had been secured and I was granted access again, they on the other hand have few options. Then again this is a good thing for repair guys that make house calls, but between gator (or whatever its called now) and all the other crap out there I think they're busy enough.
I only wish that I could keep my WiFi up without WEP for my neighbors or anyone walking by without exposing myself to risk of internet connection termination.
Have any other slashdotters had similar experiences, or suggestions. Thanks.
Im dreaming ofa big bndwdth, That can resist the
based on the number of spams that are getting through. It has jumped up again (doubled) in the last 1-2 months.
The spammers are not desperate. They have simply figured out nice openings and are bulldozing a near infinity lane highway.
I prefer the "u" in honour as it seems to be missing these days.
One of the recent worms attacked Microsoft too, so who shall we blame for that ?
Also, I'm not sure how "desperate" spammers are, so far it looks more like a stand-off. I would be sure if spam stopped, or at least was cut off significantly, but is it the case ?
I like my outfit, it's inexpensive, but cool -- April Ryan
Remember how every spammer that got interviewed would claim that he wasn't doing anything illegal?
Well, when these viruses get traced back to the spambags, it's going to be sweet to see those bastards doing time.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Well, the guy behind this article is obviously a spammer.. it's a really smart idea to slashdot a site which is getting DDOS'ed... Well, I'm wondering what would have been more damage.. the worm or the slashdotting
Maybe it's a 1-2 punch type approach. ...(DNS/blacklist/etc has to be re-routed until virus passes)
Step A - release virus to DDoS on blacklist maintainers
Step B - while blacklists are down, send out massive spam campaign or more virus-type spam
Sorry for replying for my own post, forgot to add this:
I found from techtv.com a program for network intrusion detection called Intrusec Expose from www.intrusec.com. It's pretty cool software for monitoring your network and can do a lot more than just tell you what computers are connected and alert you when new computers enter the network. It can also scan for services and such.
No I'm not affiliated with this company and I'm not endorsing this software, I'm actually asking if anyone knows of a free, OSS or not alternative. The demo was great but that was 30 days ago.
Im dreaming ofa big bndwdth, That can resist the
No wonder I've never found any of them... Is that a blog? /me runs away screaming
I'm being serious here...
Haven't the authorities shown a propensity for going after malicious software writers, particularly viruses and worms, whilst completely ignoring spam? By writing malicious software, haven't they just attracted a whole lot more attention from law enforcement than they would otherwise have got?
Good on them I say - I think we could do with more law enforcement attention on these sort of people!
Of course it doesn't deny the impacts on those being attacked, nor covers the international aspects of spam. But with more countries creating explicit laws to deal with hacking and misuse of computers, the more dodgy spammers might start getting what they deserve - a good ass-pounding in prison!
First get a corporate shield, an S-corp can be had for as little as $100 in most states. This will protect your personal assets from a lawsuit.
Get a bulk mailer and email harvester and sell "Placebon the Herbal Viagra." Get a credit card processing account (or maybe just paypal) from a bank.
Email a million people.
Get ~5,000 orders.
Charge $19.99
Send them a .40 bottle of vitamin C with a little sticker that says "Placebo you bought from a spammer, dumbass. Cure wait ails ya."
You profit. They get burned. Everyone wins. For the moral people, think of it as your personal war against scurvy.
Anyone who believes that this is the desperate act of a dying species is woefully wrong. Spammers used to be somewhat naive technologically, but the last year or two has seen a consolidation of spammers with virus writers and in essence the battlelines between the "good" and the "bad" users of the Internet have never been so well drawn as now.
A symptom of all evolving systems, natural or artificial, is that parasites will take advantage of easy opportunities. In nature, this battle has been a fundamental force for evolution and change. I don't see why it should be different in the Internet, which largely behaves like a natural system.
Here is an analysis of the subject by an expert on the matter (oh, it's ME?!). Bottom line: as long as the Internet is built on predictable defined structures (protocols and gateways), it will be heavily parasitized. What we see today is only a warmup. The solution is to find ways of evolving the structures of the Internet faster than the parasites can evolve.
This problem won't go away through wishful thinking - we need to understand what is actually going on. Heck, this discussion is moot: if my theory is correct, self-modifying defensive systems will happen exactly as the parasites have evolved: because this is what happens in natural systems.
I just trolled myself. Damn.
Ceci n'est pas une signature
this virus spreads itself by email as a ZIP attachment which contains an EXE that must be run, of course it's Windows only.
I would love a way to identify IP address of all idiots who contract this virus, just to be sure my AOL/RoadRunner/Verizon netblock blacklists are complete.
People shouldn't just jump to the conclusion that the perpetrator of this is some commercial spammer. I visit some webmaster forums and many have complained that some of these sites like SPEWS often go overboard in their blackholing, ending up blocking innocent bystanders who have a tough time getting out of these blocks.
I say it could have been the work of some pissed-off admins who were frustrated.
eTrade SUCKS
The spammers spread the new viruses by email. People who use outlook are the ones at risk.
I think that software companies that produce such defective software (MS in this case) share the blame and should be included in any legal action against these spammers!
What beggars belief more is that a corp with the near-infinite resources of Microsoft still gives people a near-perfect vector for virus distribution. I'm sure if any one of us had 40Bn cash and 8 years (is that how old LookOut Express is now?) we could either code or hire programmers to code an email client that wasn't broken.
:o)
Of course.. if they ever mended LookOut the AV guys would go out of business overnight but that's a whole new conspiracy theory involving large cash backhanders and deliberately broken coding there...
I wonder if those who believe Might Is Right ever wonder if they Might Be Wrong...
My ISP once used it for filtering.
Seriously, if you want to reject stuff at SMTP time rather than accepting it then processing it, try using sa-exim (a freshmeat search will turn it up) - it fits into exim and rejects as soon as it's worked out it's spam - mid-DATA if need be.
Smegma.
.. when they're explaining to their three hundred pound cellmate 'Bubba' just why they're in jail.
An eye for an eye, a minute for a minute;
Well, say spammers send their messages to 2 million recipients, and each spend, on average, 10 seconds reading and deleting said spam. That comes out at 231 days of _completely wasted_ life. Life that can never be given back to whoever lost it.
Even worse, since that's time spent awake, it's more like a year of real time. Say the spammer sends 100 such spams, he would then have _wasted_ an entire lifetime. We can thus, by the "An eye for an eye, a minute for a minute" rule, confiscate the rest of his life!
There's the argument you requested!
cheers,
m
If you use blocklists to block mail rather than score mail you have no idea if you are getting false positives (they aren't even accepted).
Of course this means that your users won't be able to complain about false positives.
What they don't see can't hurt you. Right?!
You should be very careful about using blocklists which you don't control to block mail.
If spammers are really behind these virii, and we're able to verify it, then it is probable that even the blind and computer-ignorant gov. offices, like FBI, or whoever, will eventually get the same info others have.
Whereas before their only offense was spam (which is gradually being outlawed), now they have done something for which people have been indicted and sent to jail for.
Spammers are evil -- we all know that -- and this just means the gov. (if they're awake) will finally have a tool to put the worst of them in jail once they can prove who's spacking and creating anti-anti-spam virii.
I've been using SpamAssassin's Bayesian filtering features to get rid of my spam for good. I've turned off SpamAssassin's use of any of the antispam sites like spamhaus, spews, and spamcop, mainly because some of them have been foolish enough to sweep such a wide net that turning on use of these sites causes SpamAssassin to filter legitimate mail that comes from my own domain! (that's what I get for living in a country whose ccTLD is run by a brain-damaged registrar...) I've been running almost totally on Bayesian filters after having trained them carefully for a month, and have thus far had zero false positives and false negatives. I mainly keep the spam around to further strengthen the training of my filters and for occasional entertainment value. Those Nigerian scams can be really funny sometimes, you know. :)
These blacklists could go away tomorrow and my Bayesian filters will only keep getting better and better at weeding out the spam. In my experience, these antispam sites are actually more part of the problem than the solution, because they filter more mail than they should.
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
I see this becoming more and more prevalent as the restrictions against spam increase and the filtering methods become more advanced.
A while back (could be 12 months+) we were discussing the new TLD's coming through. It seems obvious to me that we could fix the spam issue with TLD's. So it's illegal to spam with the new laws, but there is a legitimate business case to spam as some people will buy stuff from the spammers (see dating thread a few days ago).
With a TLD of *.spm (or something unique to mass mailing) we could allow spammers to legitimately send out their campaigns, while allowing easy filtering. If you send mass mail from a non-spm domain then that's where the new laws come in.
There is a similar argument for p0rn sites. Stick them all on an *.xxx domain; as they all say their "clients" knowingly want access and are not out to catch the unsuspecting child.
Either that, or someone writes a virus that gets the spammers IP's from these lists and DOS's them back.
I wish that were the case, but I seriously doubt it.
What the spam filters need to do is borrow a page from the spammer's book, and distribute their lists out to different locations. That way, if one IP gets DDoS'ed, it doesn't stop the spam from being blocked...
Manipulate the moderator system! Mod someone as "overrated" today.
Slashdot will.
There are few things I can think of more Homer-Simpson-ish than post a slashdot link to certain sites to tell the world they are being DoSed.
-><- no
Spamassassin has Bayesian filtering, in addition to the extensive ruleset it uses.
It can also optionally "autolearn", where decisions about what is spam based on existing knowledge can be used to provide automatic learning input for the Bayesian system for future emails.
May we never see th
It's just general lack of competence and understanding with law enforcement. The whole Internet thing is new to them (it's fairly new in general for that matter) and it requires very different tactics, skills and resources than normal investigations. Therefore it is taking time for the law enforcement agencies to change and grow.
Also it isn't really clear what is and is not important on the Internet, crime wise or even what should be a crime. I mean some things are pretty clear, like pedophiles luring little kids in for sex, or defrauding someone. These are normal crimes in a new medium. But some things like SPAM aren't nearly so clear. I mean to the lay person, it seems just like junk mail. Well junk mail is a little annoying, but no big deal. They don't know that SPAM is different (it costs the recipient) and that the spammers aren't legit businesses like junk mailers usually are, they are often scammers and criminals willing to go to any lengths.
Unfortunately, I think we have 10-20 more years before we start to see really efficient policing of the Internet. Laws and law enforcement agencies need to be changed and they need time to learn how to efficiently handle electronic crime.
Things like this will lead to a crackdown. SPAM isn't illegal and many politicians don't seem to see a reason it ought to be. However DDoSing IS illegal and is something that people get busted for. However even higher than that on the authority's shit list is viruses and the like. So, the more spammers resort to these tactics, the more likely they are to face legal repercussions, and you can't just DDoS the FBI away. It also ties SPAM to illegal activities in the mind of the layperson and makes a law against it more likely.
I'm not saying that the feds will go after these guys with a vengeance tomorrow and everything will be better, but the more they do this, the higher their risk factor and exposure, and the closer they come to an inevitable bust.
light not only can help you to see text, etc.... when properly manipulated, it can also increase comprehension/tolerance, etc....
it's what's in the light that changes everything. you may continue to pretend, if you need to.
Sorry, MailWasher is not for me.
SpamAssassin or Mozilla's Junk filter are both much better alternatives - they're the most effective against Spam... and they're FREE!
Why does the Direct Marketing Association support marketing emails? Because they're on DRUGS.
Let's make an assumption: 90% of all SPAM emails are fraudulent in some way. I think that's a reasonable number.
Now why on earth would a legit organization want to associate itself with something that is so clearly a problem? Because they're on total DRUGS, that's why. There is no other reason.
It's like CocaCola going to France and saying that they want to have the right to sell Nazi Coke to anyone... even though it makes everyone puke their guts out because it's made of sausage and pickles. But since a distributor or two will buy it, well, then let's sell!
If the DMA pulled all support for email campaigns for the next two years, then it would help convince all that all SPAM was fraudulent, instead of 90%+.
Ok I got a pitchfork, we need an old priest, a new priest, some fire, and a whole lot of LART weapons. GET the spammers.
Well who woulda thunk it?
Seriously tho, I would think that this would have a good effect if it can indeed be proven or at least traced to a particular spammer...
The US and other governments seem to be all gung-ho about prosecuting people who write virus code, and seem to be mostly talk and hot air about the spam problem, perhaps this will get them to actually take notice and do something about both...
At least this, the idea of spammers writing and releasing viruses to stop RBLs, could be prosecuted as a criminal case instead of the civil matter that spam has historically been.
"Our funds have never taken part in toxic or death spiral convertible financings of any sort" -BayStar's managing partne
Correction -- instead of "just bounces the mail", I should have said "just drops the mail".
May we never see th
Your *kid* having to push delete on something with pictures of stuff in orifices where it doesn't fit is also what the problem is...
awww, did someone not pass the physical requirements for agent training and had his life dreams crushed after watching every episode of the x files on dvd 3 times
They can launch a DDOS attack using other people's computers via virus, they can set up webpages on those same computers too via virus, our government isn't too savvy when it comes to the internet or computers, and can't afford computer savvy people, they will end up arresting innocent people. Look at the case of the programmer who wrote Blaster, he had his domain in the flipping thing for godsakes and look how long it took them to figure it was him.
Consider the consequences of universal use of whitelists.
Spam initially becomes almost completely ineffective (good), and it becomes difficult to contact people initially without an introduction.
So, how do we solve the problem of contacting someone who does not have my address on their whitelist, e.g., a researcher who just published something of interest?
We'd need to start a way of traversing overlapping "buddy networks". This may spawn something like the 'Six Degrees of Separation' experiment/game, as in "I need to get this message to Mr. X, could you please forward it to someone who might be closer to him?".
This could have interesting social consequences. Increasing bonds by increasing communications and traded favors? Increasing annoyance among friends? I don't think spam could penetrate such a filter, since it would have to convince multiple people that it is a genuine message.
Thoughts?
The FBI functions as a secret police. Whatever the purpose of the FBI, it often doesn't investigate crime. Try reporting a crime to your local FBI office. The person who answers the phone will laugh at you, actually laugh.
If they were truly smart and wanting to be effective, shouldn't they be attempting to DoS port 53 on the blacklist server? They can attack the list webservers all they want, but servers performing look-ups against the blacklists will keep on serving.
A) They are likely separate servers?!
B) They are certainly different ports?!
The only thing these spammers are doing is causing more publicity for these organizations, at the same time making themselves look more "evil."
Don't quote unless you understand it. You don't, therefore you shouldn't.
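Two comments in this thread, the one on blocking versus scoring mail with blocklists and the one noting that list lookups travel over DNS rather than the lists' web servers, can be illustrated together. This is an added example, not code from any commenter or from the lists named here; the zone names, weights, threshold and sample records are constructed, and the resolver is an offline stand-in for a real DNS query.

```python
import ipaddress
from typing import Callable, Dict, Iterable, Optional

# Zones, weights and threshold are hypothetical values constructed for this example.
ZONES: Dict[str, float] = {"list-a.dnsbl.example": 3.0, "list-b.dnsbl.example": 1.5}
SPAM_THRESHOLD = 4.0
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

Resolver = Callable[[str], Optional[str]]  # returns an A record, or None for NXDOMAIN


class LookupFailed(Exception):
    """Timeout or SERVFAIL: the list gave no answer (for example, it is being flooded)."""


def dnsbl_qname(ip: str, zone: str) -> str:
    """Build the DNS name a mail server looks up: reversed address, then the list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]                   # octets, reversed
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]   # 32 hex nibbles, reversed
    return ".".join(labels) + "." + zone


def is_listed(answer: Optional[str]) -> bool:
    """Only an answer inside 127.0.0.0/8 counts as a listing.

    Anything else (a wildcard record, a parked domain) is ignored, so a zone
    that starts answering every query does not turn into 'everyone is listed'.
    """
    if answer is None:
        return False
    try:
        return ipaddress.ip_address(answer) in LISTED_NET
    except ValueError:
        return False


def check_sender(ip: str, resolve: Resolver, zones: Dict[str, float] = ZONES) -> dict:
    """Query every zone; an unreachable list contributes nothing instead of failing mail."""
    score, hits, unavailable = 0.0, [], []
    for zone, weight in zones.items():
        try:
            answer = resolve(dnsbl_qname(ip, zone))
        except LookupFailed:
            unavailable.append(zone)   # fail open: no data is not a listing
            continue
        if is_listed(answer):
            score += weight
            hits.append(zone)
    return {"score": score, "hits": hits, "unavailable": unavailable}


def verdict_block(result: dict) -> str:
    """Hard-block policy: any single listing rejects at SMTP time."""
    return "reject" if result["hits"] else "accept"


def verdict_score(result: dict, content_score: float = 0.0) -> str:
    """Scoring policy: listings are one input next to content checks."""
    total = result["score"] + content_score
    return "tag-as-spam" if total >= SPAM_THRESHOLD else "deliver"


def make_resolver(records: Dict[str, str], down: Iterable[str] = ()) -> Resolver:
    """Offline stand-in for DNS: `records` maps qname -> A record, `down` zones time out."""
    down = tuple(down)

    def resolve(qname: str) -> Optional[str]:
        if any(qname.endswith("." + zone) for zone in down):
            raise LookupFailed(qname)
        return records.get(qname)

    return resolve


# Constructed sample data (documentation address ranges only).
SAMPLE_RECORDS = {
    "7.113.0.203.list-b.dnsbl.example": "127.0.0.2",    # 203.0.113.7 on one list
    "25.100.51.198.list-a.dnsbl.example": "127.0.0.2",  # 198.51.100.25 on both lists
    "25.100.51.198.list-b.dnsbl.example": "127.0.0.2",
    "9.2.0.192.list-a.dnsbl.example": "192.0.2.1",      # non-127 answer: not a listing
}

if __name__ == "__main__":
    resolver = make_resolver(SAMPLE_RECORDS)
    for sender in ("203.0.113.7", "198.51.100.25", "192.0.2.9"):
        res = check_sender(sender, resolver)
        print(sender, res, verdict_block(res), verdict_score(res))
```

With one list timing out, the sender on both lists drops below the threshold and is delivered, and the `unavailable` field records which list gave no answer so the operator can see the gap.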
Yeah, the filter checks out all spam sites nicely inflating their hit counters. Good idea.
Will it also run executables to check for viruses?
You got me into this! You were the ideologue! I'm only a poor assassin! - Twenty evocations, Bruce Sterling
The Mimail-E variant is also DDoS'ing several financial web sites, such as Fethard.biz
The FBI has maintained that they will not pursue an investigation of a DDoS attack unless a substantial financial loss has occurred. With the attack on an Internet financial site, this should be enough for the FBI to become actively involved.
I've never heard of Fethard, and at first glance, the site looks a little suspect. However, if that is what it takes to get a real investigation going, I'm in favor of it.
Spamhaus would have to file a complaint with the British authorities; Spamcop would be able to file a complaint with the FBI; SPEWS would have to file a complaint with the Australian authorities. Spamcop sells a product, and if Julian Haight can prove financial losses, that makes his case stronger. Spamhaus and SPEWS do not sell a product or service, so their complaints would have a lower priority with the law enforcement organizations of their respective countries.
If Fethard and Spamcop are being attacked by that variant, Julian Haight should be contacting Fethard to coordinate the filing of criminal complaints against the attackers.
Pete Carr Owner Chatmag.com
;)
"It is a greater offense to steal men's labor, than their clothes"
They're getting DDoSed, and you're *slashdotting* them? I'm sure that will solve the problem.
WARNING: there is a trojan on your
Finally this is our chance to make Congress liken spammers to cyber-terrorists, and for a reason politicians fear and know well enough to do something about it: "Now some of the spammers are even building a network of worm-ridden computers, possibly at the fingertips of a madman who is willing to do anything for money, and may only be waiting to turn them into Weapons of Mass Disruption, wreaking havoc to the Nation, the Internet, and e-mail as we know it..." (spooky, huh? ;-)) But honestly, if spammers do this to their opponents just to continue advertising, is there really any reason why they could not, or would not do it to *.gov, either for the sums an enemy of U.S. could possibly offer, or because that enemy hires a blackhat to hijack one of these DDoS zombie networks for its own purposes?
Outlaw spammers, put an end to spam. Sometimes it's as simple as that. (And it works: Haven't seen much fax spam for years...)
Just be "Mr. Concerned Citizen" for once and send articles like this to your congresscritter now. Let them know what spammers have already done "to your kids" (rather omit the "to your p...s" part even if you've ordered their pills and pumps) "and to your computers".
I personally have noticed that Spam has been slightly on the decrease. But what must be remembered is for every great idea put forth by somebody that understands what is going on there are cries from the countless hordes who do not and only see the end results. Take for instance the near universal blocking of port 25 at the ISP level. For the person connecting to other mail servers aside from their ISP's, I guarantee they will be having a fit like a two year old being teased with candy just out of reach, for those with understanding and Admins open relays from stand alone computers has just been permanently stuffed. Who has greater numbers, those near countless hordes who whine and still just open any .exe they can get their hands on or the Administrators? Use of lists are getting very common as well denying all non-dynamic scoped IPs or taking somebody's word for who is and is not a spammer in an unregulated and uncontrolled environment. Again, the cries of the many outweigh the few who understand the full extent of damage Spam can cause to a network and a network's reputation.
The constant cat and mouse game was inevitably fated to move to new levels until the scourge of Spam is addressed as seriously as the nature of it is that being a wholesale waste of time, bandwidth, and storage space in addition to DoS possibilities. It is very possible that Spammers added Script Kiddie to their list of slimy traits, it would be a logical progression in attempts to circumnavigate anti-spam measures. What we should be discussing as a community is how to bring education to the general public to get the numbers on our side and have the whole Spam issue properly addressed. Laws might be one way, Technology and advancements may be another but in the long run bettering understanding of the basic principles of email and the consequences of sending 12,000 emails to a server at one time may further the issue. It would also pave the way for education on system compromises which are now a major factor in sending Spam (Own a Windows box with a self SMTP engine, check the MX records for the domain and rip data right out the Windows password file) With everything basically already at the computerized stage and growing and near everything approaching the ability to be networked, allowing the masses to bask in ignorance is a great invitation for us to keep having to deal with these issues.
-1 Overrated (Too many big words for me to comprehend)
They hack into an FBI agent's machine.
Fight Spammers!
maybe spamming is not legal..
writing viruses IS.
i hope they continue like this, get caught and get convicted!!!
hang'em high!!!!
Privacy is terrorism.
what do you care if spammer A pays spammer B for hits that never actually occurred? If you never see the email or the site, it's not a big deal.
you are required to pay a small escrow fee as part of your ISP service fee, AND
if someone receives an e-mail from you and deems it as spam, then he clicks the appropriate button, AND
your escrow fee is charged *once per e-mail* and his is increased by the same amount.
The balance of the escrow fee would be refundable at any time, but accounts with a balance of 0 would be unable to send e-mails.
As I think through this, I can see several virtues:
1. The senders of spam would have to pay per offensive e-mail and would thus have strong incentive to stop.
2. Senders of legit e-mail would continue to have free or mostly free e-mail.
3. Those affected by spam would have immediate recourse and receive compensation for their time.
4. The spirit of the plan seems right: if you are going to waste my time with your spam, then you pay me for it. But if you are a friend, you get my time for free.
Does anyone see drawbacks to this plan? Perhaps increase in net traffic per e-mail sent, but that would presumably be offset by a substantial decrease in spam.
Human being (n.): A genetically human, genetically distinct, functioning organism.
[...]
my ISP (who, incidentally, enforces a strict anti-spam policy)
These two statements are mutually contradictory. But first, a reminder that SPEWS is not Not NOT representative of mainstream anti-spam blocklist providers. Both SpamCop and SpamHaus use narrow targeted blocklists. Furthermore, the real responsibility for your blocked email lies with the recipient postmaster who chose to use the SPEWS list. Their server, their rules. You could call them and ask to be whitelisted.
According to best evidence, SPEWS always starts with an abuse complaint email and a /32 blocklisting. If further spam arrives at their address(es?) the listing expands to /28, /24, etc, until either the spammers are removed or the entire ISP is listed. In order to reach /16, your ISP must have ignored SPEWS and retained its spammers for a long Long LONG time.
$5 / month hosted VPS on linux = awesome!
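The escalation described in the comment above (/32, then /28, /24 and eventually /16), worked through with Python's `ipaddress` module to show when neighbouring addresses in a server park start being listed. This is an added example, not part of the original thread; the addresses are constructed values from the 198.18.0.0/15 benchmarking range, `dnsbl.example` is a placeholder zone, and the function names are hypothetical.

```python
import ipaddress

# Ladder taken from the comment: /32, then /28, /24, ... and finally /16.
# The steps hidden behind the comment's "etc" are not known and are left out.
ESCALATION_PREFIXES = (32, 28, 24, 16)


def listing_at(spam_source, step):
    """Network that is listed after `step` escalations (0 = the initial /32)."""
    prefix = ESCALATION_PREFIXES[min(step, len(ESCALATION_PREFIXES) - 1)]
    # strict=False masks off the host bits, e.g. .77/28 becomes .64/28
    return ipaddress.ip_network(f"{spam_source}/{prefix}", strict=False)


def first_step_blocking(spam_source, bystander):
    """First escalation step at which an unrelated address becomes listed."""
    addr = ipaddress.ip_address(bystander)
    for step in range(len(ESCALATION_PREFIXES)):
        if addr in listing_at(spam_source, step):
            return step
    return None  # never listed, even at the widest prefix


def dnsbl_query_name(ip, zone):
    """Name a receiving mail server looks up: reversed octets plus the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def collateral_report(spam_source, bystanders):
    """One row per step: (listed network, address count, bystanders caught)."""
    rows = []
    for step in range(len(ESCALATION_PREFIXES)):
        net = listing_at(spam_source, step)
        caught = [b for b in bystanders if ipaddress.ip_address(b) in net]
        rows.append((str(net), net.num_addresses, caught))
    return rows


# Constructed sample data: one spam source and four unrelated mail servers.
SPAM_SOURCE = "198.18.37.77"
BYSTANDERS = ["198.18.37.70", "198.18.37.200", "198.18.200.5", "198.19.1.1"]

if __name__ == "__main__":
    for net, size, caught in collateral_report(SPAM_SOURCE, BYSTANDERS):
        print(f"{net:<18} {size:>6} addresses, bystanders listed: {caught}")
    print(dnsbl_query_name("198.18.37.200", "dnsbl.example"))
```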
Stories like this make me wonder if worms like nachi might actually be a good idea. Yeah, they can cause some network clogging when they spread, but maybe that would be a reasonable price to pay to wipe out the armies of zombie PCs that can be used for this kind of attack.
But not whitelisting as we know it.
Think about it: most spam comes from cable and adsl connected machines. dynablock.easynet.nl is trying to block each and every dynamic IP on earth, effectively making it a whitelist of static and therefore blockable IP's.
One could even take this one step further: blacklist the entire internet and whitelist known mailservers. Getting out of that should be easy, but not so easy that a spammer could do it automatically. And when you're spamming from a whitelisted IP, the IP is blacklisted again for, say, 1 week. Then it can be whitelisted again, but when you're spamming again, then it's blacklisted for a month.
The hard part of such a whitelist is: where do you start? I think it would be sensible to start out by simply tagging mail originating from blacklisted IP's. Early adopters can then whitelist each and every IP they expect mail from. After a while a sufficiently small amount of mail will be tagged by the blacklist, so it can be used to start blocking with it.
If we only could convince each and every postmaster on earth to use such a system, it could be very, very useful.
Meanwhile, please use Dynablocker. It can really help making h4x0red boxes useless as a spam source.
This is your sig. There are thousands more, but this one is yours.
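The default-deny scheme proposed in the comment above (everything blacklisted, known mail servers whitelisted, one week and then one month of re-listing for spam, tagging before blocking), sketched as a small state machine. This is an added example, not part of the original thread; the class and function names are hypothetical, "a month" is taken as 30 days, the 5% switch-over threshold is an assumption, and the IP address is a constructed documentation-range value.

```python
from datetime import datetime, timedelta

# Penalties from the comment: one week for the first offence, a month after that.
PENALTIES = (timedelta(weeks=1), timedelta(days=30))  # 30 days is an assumption


class DefaultDenyList:
    """Every IP counts as blacklisted unless it has been whitelisted."""

    def __init__(self, enforce=False):
        self.enforce = enforce   # False: tag only (early-adopter phase)
        self.whitelist = set()
        self.strikes = {}        # ip -> spam reports received while whitelisted
        self.banned_until = {}   # ip -> time at which re-whitelisting is allowed

    def request_whitelisting(self, ip, now):
        """Whitelist a mail server unless it is still serving a penalty."""
        until = self.banned_until.get(ip)
        if until is not None and now < until:
            return False
        self.whitelist.add(ip)
        return True

    def report_spam(self, ip, now):
        """Drop a whitelisted IP and return when it may ask to come back."""
        if ip not in self.whitelist:
            return None  # already blacklisted by default, nothing to revoke
        self.whitelist.discard(ip)
        offences = self.strikes.get(ip, 0)
        penalty = PENALTIES[min(offences, len(PENALTIES) - 1)]
        self.strikes[ip] = offences + 1
        self.banned_until[ip] = now + penalty
        return self.banned_until[ip]

    def verdict(self, ip):
        """What the receiving server does with mail from this IP."""
        if ip in self.whitelist:
            return "accept"
        return "reject" if self.enforce else "tag"


def ready_to_enforce(tagged, total, max_tagged_share=0.05):
    """Switch from tagging to blocking once few enough messages are tagged."""
    return total > 0 and tagged / total <= max_tagged_share


if __name__ == "__main__":
    start = datetime(2003, 11, 3)
    wl = DefaultDenyList()
    ip = "192.0.2.25"  # constructed address
    print(wl.verdict(ip))                                  # tag
    wl.request_whitelisting(ip, start)
    print(wl.verdict(ip))                                  # accept
    print(wl.report_spam(ip, start))                       # banned for a week
    print(wl.request_whitelisting(ip, start + timedelta(days=3)))  # False
```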
just have to call you on this one:
Yes, I would and do say "alittle".
I just don't spell it that way, and who gives a shit anyway? Alot of the people who read alot understand it just as much as a lot.
The basic problem is that the DOJ is a political institution. It's not a neutral enforcement institution seeking to punish lawbreakers. Who and how it decides to punish people are political decisions, deeply influenced by the political needs and goals of the administration. Spam and spammers have too many growing ties to people important to the Republican administration and its pro-corporate, pro-business financial backers. A real crackdown on spam would have shockwaves that would hurt them financially and politically, and with the election only 366 days away, you can bet that pissing these guys off is something they don't want.
For someone in a rural area and no possibility of getting a faster connection than 26 kb/s, just the time it takes to download the mail is a real pain. My friend's ISP provides web access to mail, but that requires reading the subject lines to determine which messages to delete (and thus not download the body/attachments). Currently he's using PopFile, but has to d'l the messages to filter them locally. We're now looking into Yahoo's MailPlus, which allows Bayesian filtering at the server.
$5 / month hosted VPS on linux = awesome!
In a sane world, your response would be correct. Everyone could choose their own degree of filtering.
Unfortunately, that just isn't the case. I can't control the degree of filtering that happens at the company where I work, as I'm not a member of IT. Furthermore, I cannot control the degree of filtering that happens to other people that I need to send mail to from *their* IT departments.
you will almost never have control of the technology decisions made by your mis department (unless you happen to run the mis department.) the fact that they have made a technical decision that you don't like, or one that inconveniences you actually has nothing to do with this technology that, in your opinion, they are misusing.
there are a whole range of ip lists, from the ineffective to the extreme. these lists can be used in a whole variety of ways, again, ranging from the ineffective to the draconian. taking the middle ground on all this results in a number of moderate technical compromises that keep most people fairly happy.
just because you are pissed off at the way your mis department has used the technology should in no logical way be a reflection on the validity or potential of the technology.
the very fact that the spammers are attacking the keepers of these lists is proof that they are somehow being used in some reasonably functional way in the world, and that this is having a serious impact on spammers.
Cool, now we can prosecute the fuckers under antihacking laws and put them away for a few years.
Let's see how the spammers like spending 10-20 in the clink.
Connection refused. Who needs viruses and DDOS attacks when you have the Slashdotting effect?
Since the site is currently being slashdotted, here is a copy of the press release:
A new virus released by spammers on Saturday 1st November is infecting computers worldwide, and this time the purpose of the virus is to attack www.Spamhaus.org. The W32.Mimail.D virus is the latest in a string of viruses, each one released by spammers for the purpose of creating a vast worldwide network of spam-sending machines and building an attack network consisting of hundreds of thousands of virus-infected zombie machines with which the spammers then attack anti-spam organizations.
W32.Mimail.D is designed to infect computers worldwide causing them to each begin making overwhelming amounts of bogus requests to Spamhaus.org's web server, www.spamhaus.org, and also attacks the web servers of www.spamcop.net and www.spews.org.
Spamhaus began coming under massive distributed Denial of Service (dDoS) attacks in July 2003, soon after the release of the SoBig.E virus and the Fizzer virus (W32.HLLW.Fizzer). In June Spamhaus stated that spammers had now moved from simple spamming through open proxies to actually manufacturing and sending out viruses to create a network of spam proxies, infecting hundreds of thousands of mainly home-user machines on broadband (ADSL) lines.
Fizzer (W32.Fizzer-A) in particular is a very wide-spread worm which spreads by emailing itself to contacts in Microsoft Outlook and Windows address books. The purpose of Fizzer is to install a miniature web server on which spammers then host typically "pills & porn" sites, an IRC backdoor, and a DoS attack tool specifically for attacking anti-spam organizations. In August and September 4 anti-spam systems were forced into closure under overwhelming dDoS attacks that hit them for weeks at a time.
Spamhaus itself was subjected to the same intense dDoS attacks for 3 months but survived thanks to its large distributed network capable of absorbing the attacks. Still, expecting more attacks, in mid September we moved the Spamhaus web site behind an anti-dDoS device known as iSecure supplied by Melior CyberWarefare Defence (www.ddos.com) and can therefore now withstand the waves of dDoS attacks.
From: http://www.spamhaus.org/news.lasso?article=13
nothing new: Already Sobig showed that SPAMMERs would write viruses to serve their needs. Perhaps it's even the same author. Wouldn't surprise me.
We'll see more of that shortly. SPAMMERs are outsiders (socially). So they build their own structures.
Regards, Martin
Err, why is this damning? It looks like a statement of the blindingly obvious to me.
Your previous email was incorrect in the same way as every pro-SPEWS discussion I have seen has been incorrect. carrelet.net is not my ISP, it's one of my company's servers that we lease from Host Europe, for which we have the root password, and if we caught Host Europe messing with it we would be very unhappy and might well have grounds to sue.
So given that Host Europe are in the business of leasing servers to companies like us, and that we don't use their centralised smtp servers, how would you like Host Europe to comply with the question to which that letter appears to be replying?
My basic beef with SPEWS is that it doesn't take into account the server park scenario, and treats all the users of a park as if they are being administered by the same organisation. This makes about as much sense as blocking phonecalls from entire towns if one person in that town is abusing his phone line. Or blacklisting IANA if they provide an IP address directly to a spammer. We have effectively bought our IP address from Host Europe, and we would like to be judged on our administration of that IP address, which doesn't seem too unreasonable to me.
Now if you can find correspondence showing that Host Europe won't terminate the contracts on servers that have been used for spam, or that they promptly give another server to proven spammers, that's a different matter. AFAIR, their contract says that they follow a strict anti-spam policy, and that any proven case will result in immediate termination of the contract plus a 100 UKP fine.
But, I repeat, no-one offering dedicated hosting can guarantee that none of their machines will ever be used to send spam. If you disagree, maybe you could recommend a company offering complete control of servers that doesn't have this sort of issue with SPEWS from time to time. MagicMoments is one of Host Europe's machine-leasing divisions, so I'm not surprised that their machines sometimes get used to send spam, but that doesn't equal a 'pink contract'. The question is what they do about proven cases of spamming from their server park.
Virtually serving coffee
how about mandatory castration and hanging of spammers? ;)
i run a mail server, web server, etc...
my main mailbox used to get close to 200-300 spams daily. I've implemented a few blacklists, including the one that lists all the dynamic IP blocks (a mail server on a dynamic ip makes absolutely no sense to me). since i put all the blacklists in, i get at most 6-7 per day which are usually all caught by my bayesian filters...
My dad also uses my server and runs a sales business from his email address... he lost one good email (which he re-requested afterwards), which was blocked by two RBL lists that were questionable from the start. I pulled those two from the list of relays i check and I haven't had a lost email since... RBL lists seem to work really well for me... probably the best anti-spam mechanism i've used. bayesian filters are a good supplement to the system.. i never did get a 99% identification like they claim.. probably closer to 70% -- 30% of 200 is still 60 spams in my inbox daily... something had to be done... RBL's make email bearable again...
p r m t h s
who ask me to write them a virus (they think that because I'm a programmer I automatically know how to write win32 viruses), hack into some database of email addresses so they can spam everyone on it (look, here is his email address, can you hack into his database?), and do all kinds of other unsavory things so they can make money. These people can't hold down a job, can't come up with an idea of their own, and have no real talents or skills to speak of. They are always looking for some windfall in lieu of actually working, are easily fooled by 'get rich quick' schemes, and would rather get hit by a car and sue for damages than get a job.
TallGreen CMS hosting
Spammers spend a tremendous amount of time and energy cracking systems, setting up zombies, getting around barriers of all sorts. The reason why is because they have a financial incentive to do so.
If security through obscurity is an intellectually bankrupt concept, then the spam industry innovates security knowledge like no other.
The fact is that spammers not only save work for the script kiddies, they help the NSA, CIA, FBI, KGB... as well as IBM, MSFT, SYMC...
Think of them as parasites that feed off our collective ignorance, and you'll see what a useful cleansing function they serve in the greater ecosystem.
Say the spam message contains an anchor containing an image:
<img src="http://spammer.com/ad.gif?id=90128735">
It should be patently obvious that if you, your ISP, or anybody else retrieves this image from the server via the supplied URL, then you will in fact be validating the address. It is irrelevant WHO retrieves the URL, the fact is that the spammer will be able to update his database to say that the e-mail address associated with id 90128735 is valid and should continue to receive spam.
Hey, Windows users, there is no such thing as "forward" slash, there is only slash and backslash.
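Because any fetch of the image confirms the address, whoever performs it, the safe handling is to strip remote image references before the message is rendered or scanned, without ever requesting them. The sketch below is an added example, not part of the original thread: it handles only `<img src>` (not `srcset`, CSS or other remote references), the sample message is constructed around the tag quoted in the comment, and the class and function names are hypothetical.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl


def is_remote(url):
    """True if rendering this src would cause a network request."""
    url = url.strip()
    if url.startswith("//"):            # scheme-relative URL
        return True
    try:
        return urlsplit(url).scheme.lower() in ("http", "https")
    except ValueError:                  # unparseable URL: block to be safe
        return True


def tracking_hints(url, attrs):
    """Reasons the image looks like a per-recipient beacon (may be empty)."""
    hints = []
    try:
        query = urlsplit(url.strip()).query
    except ValueError:
        query = ""
    for name, _ in parse_qsl(query, keep_blank_values=True):
        hints.append(f"query parameter '{name}'")
    if attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1"):
        hints.append("1x1 image")
    return hints


class RemoteImageBlocker(HTMLParser):
    """Re-emits the HTML unchanged except for <img> tags with a remote src."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
        self.blocked = []               # (url, hints) for every stripped image

    def _tag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src") or ""
        if tag == "img" and is_remote(src):
            self.blocked.append((src, tracking_hints(src, attrs)))
            alt = attrs.get("alt") or "remote image blocked"
            self.out.append(f'<img alt="{escape(alt, quote=True)}">')
        else:                           # embedded (cid:, data:) or not an image
            self.out.append(self.get_starttag_text())

    def handle_starttag(self, tag, attrs):
        self._tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._tag(tag, attrs)

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")


def neutralize(html_body):
    """Return (safe_html, blocked); no URL is ever fetched."""
    parser = RemoteImageBlocker()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.blocked


# Constructed sample message built around the tag quoted in the comment.
SAMPLE_HTML = (
    "<html><body><p>Cheap pills &amp; more</p>"
    '<img src="http://spammer.com/ad.gif?id=90128735">'
    '<img src="cid:logo@example" alt="logo">'
    '<img src="//spammer.com/pixel/7f3a9c" width="1" height="1"/>'
    "</body></html>"
)

if __name__ == "__main__":
    safe, blocked = neutralize(SAMPLE_HTML)
    print(safe)
    for url, hints in blocked:
        print("blocked:", url, hints)
```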
This is for those who do not have the reasoning ability to see Parent is on topic, but who have the moderator privileges to classify it as offtopic. Parent post is about the improper use of adjectives to describe a situation, In this case spammers getting desperate. The reference to the similar appraisal of the situation in Iraq is a demonstration of the widespread use of these inaccurate adjectives, as well as an example of what getting desperate really means, namely, getting more sophisticated, which often translates to more effective. The President talks about desperate acts by Iraqi resistance as the resistance gains momentum and becomes more sophisticated and effective. Likewise, the topic describes the hijacking of large amounts of computers as desperate, when a more appropriate word would be sophisticated or dangerous. If this is offtopic then 98% of what is posted on Slashdot is offtopic. Sometimes good moderation is about knowing when not to moderate.
Do me a favor and double it!
The answer of course is Vigilante Death Squads of mail admins, hell bent on literally snuffing out the sources of spam. Perhaps in a Kill Bill, Uma Thurman'esque fashion.
Why don't we just incorporate the "Evil Bit" in the header. I think that will solve all the spam problems. After all, all those spammers are honest enough to include the evil bit. Hey they said that Viagra was cheaper from them and sure enough it was!
http://www.ietf.org/rfc/rfc3514.txt
Photons have mass!!?? I didn't even know they were Catholic...
They were a great free email service ('whitelist') similar to the TMDA system.
I see quite a few posts suggesting that spammers are getting desperate, but brazen seems more appropriate. They are shutting down some of our most effective anti-spam tools and there seems nothing we can do about it. To me that looks more like they're winning.
Quack, quack.
- If a spam has a spoofed from address, then your C-R system will send a challenge to the spoofed from address. Since the spoofed from address did not actually send you any mail, your challenge simply contributes to the unwanted email problem. I have had spammers spoof my email address on their spam before. I really do not appreciate receiving challenges back.
- If I reply to an email you sent using a different email account than the one that you sent your email to, then my other email account won't be on your whitelist and I'll receive a challenge. By itself this is merely annoying. However if we both do it then our challenges never get through.
You might think that problem 1 can be solved simply by challenging only non-spam emails, but then you have the problem of spam filtering all over again. Most people who use TMDA do so specifically because they think filtering is ineffective.
We need a "-1 Obvious Troll" score.
Given that Spamcop's website was successfully taken down, it seems that describing spammers operations as "desperate" is a lot like President Bush saying how the terrorists are getting desperate given our success (16 killed in the most recent attack).
Under capitalism man exploits man. Under communism it's the other way around.
This problem won't go away through wishful thinking - we need to understand what is actually going on. Heck, this discussion is moot: if my theory is correct, self-modifying defensive systems will happen exactly as the parasites have evolved: because this is what happens in natural systems.
The analogy doesn't work, because individual hosts don't evolve. Hosts die when introduced to new parasites or diseases... like smallpox in the new world, or the ebola virus. Humans can't naturally "evolve" resistance to the disease. The ones that don't die have some genetic immunity, and it is the continuation and spread of those genes through future generations that immunity is "evolved".
The Internet can "evolve" only because we can force changes into it. It's a thoroughly unnatural system, sorta like genetic engineering.
Anyway, maybe we should just let the parasites kill this host. And kill the Internet 2 host as well since it's built on the same fundamentals. That will, as extinctions in the past, allow others with built in immunity room to grow and flourish. Build a new core of protocols that naturally defends/prevents spam. That's what evolution is about.
-- If god wanted me to have a sig, he'd have given me a sense of humor.
Every time you hear about crap like this, complain to your local District Attorney. The only reason this stuff is happening is because the authorities refuse to prosecute spammers and the black hat hackers they employ. MANY cases against spammers have been made by hundreds of ISPs that the DAs in jurisdictions all around the country have refused to pursue. The attackers of these networks can be tracked down, but if the authorities won't prosecute, what can we do?
1. Print out all the new laws and proposed regulations; bind them into a big, thick book.
2. Get some competent network admins (who are obviously nowhere near any government cyber-crime unit) and can easily track down the source of the spam and worms.
3. Go to the perpetrator's home or residence.
4. Beat the perpetrator over the head with the book of laws.
The more laws we pass, the heavier the book becomes and the more brain damage it will do. Considering the trend our leaders have in thinking more laws will stop this when the existing laws aren't being enforced, the only reasonable solution is to use the actual laws themselves as some form of blunt instrument.
But they can place a rider in the contract stating that sending SPAM is a violation and will cause said contract to be terminated for cause. This means that when SPEWS (or any other anti-SPAM org) contacts them and says IP X is Spamming, then the ISP (Host Europe in your case) terminates the offender(s)'s connection after investigating. If they say "There is nothing we can do!" then we know they are full of bovine fecal matter. And as others have pointed out....the Admins of the receiving mail server are the ones who reject you, not SPEWS....SPEWS makes a list of offenders (and said offenders are given a chance to correct the behaviour), and OTHERS use the list SPEWS produces. Blaming SPEWS is like blaming BMW because the driver hit you while crossing the street.
All I can say is this:
:) host that tries to communicate to my MX server is sent directly to my spamd server. I can say that so far my spams have dropped by at least 95% and looking at my logs I haven't rejected any real mail.
rdr inet proto tcp from any os "Windows 95" to port smtp -> 127.0.0.1 port 8025
rdr inet proto tcp from any os "Windows 98" to port smtp -> 127.0.0.1 port 8025
rdr inet proto tcp from any os "Windows XP" to port smtp -> 127.0.0.1 port 8025
rdr inet proto tcp from any os "SCO" to port smtp -> 127.0.0.1 port 8025
Any Windows Client or SCO
But they can place a rider in the contract stating that sending SPAM is a violation and will cause said contract to be terminated for cause. This means that when SPEWS (or any other anti-SPAM org) contacts them and says IP X is Spamming, then the ISP (Host Europe in your case) terminates the offender(s)'s connection after investigating.
That is virtually word for word what the contract does say, as I've already pointed out. The trouble with the letter freddie posted is that we don't know what the question was. I suspect it was "why don't you monitor all the mail sent by all your customers using their own smtp servers?" to which the answer is "because we can't, legally or technically", in which case it sounds pretty reasonable to me.
Virtually serving coffee
Many here have called spam an arms race and this raises the bar. It also shows that the efforts (Spamhaus, SpamAssassin, Spambouncer, Razor, Spamcop, etc) are having an effect.
Legislation is welcome, but technology needs to hold up its end as well.
***Distribution of blocklists must happen to defeat DDoS attacks and make them useless.*** Distributing blocklists will leave them playing whack-a-mole for a change. They can keep trying to block the lists, all the while we are using them to block their spam. In using a DDoS and forcing distribution, they will merely have strengthened the anti-spam movement. We fix what they are trying to break and still hammer away at them. Thanks for the bug fix spammers!
My spam load is still on the rise. I do not have my email posted anywhere, i do not use it commercially, I use for family and friends only. My only mistake was that it was the contact info for my domain 3-4 years ago when it was scraped by Joe Bianco, the gay spammer from Los Angeles. Thanks to him, I now get on the order of 200 spams per -day- ! Were it not for Catherine Hampton and Spambouncer, I would have had to change my email address.
Spammers will eventually lose the war, but that may be a long way off. The attacks on Spamhaus seem to show that they have been provoked, likely by anti-spam efforts, to employ desperate measures.
No, it's not at all an analogy, it's a model and a theory. There is a difference.
The theory is that the Internet obeys the same laws as natural systems, and this theory follows from the observation that artificial societies appear to follow the same rules as natural ones. This is not analogy, it is similarity based on fundamental rules of behaviour. One of those is that a natural system allows different strategies to evolve, and these will by definition come into conflict.
The point is that what we're seeing on the Net is not an aberration at all, it's entirely predictable if we understand the Net as a natural system.
The only speculative part of the analysis is that the best solutions to natural problems can be found in nature itself, mainly because 3bn years of trial and error are pretty effective.
Ceci n'est pas une signature
based on the number of spams that are getting through. It has jumped up again (doubled) in the last 1-2 months.
On which ISP? On one using proper blacklists, some good regexp rules (SpamAssassin) and some site-wide applications of the engine (MailScanner), spam is minimized. You'll get some false negatives, but it's a trickle, not a torrent.
Ever since installing the above at work (it's a .gov whose entire address list has been passed around the Internet like a trading card), spam has decreased to around 3-5 false negatives a day. Life is good.
And BTW, to the people who are moaning about the computing power needed to run SpamAssassin and MailScanner (MailScanner, especially, is a hog, no denying it) -- perhaps you need to think about replacing that 386 running RedHat 6.0 in your parent's basement. It's probably been 0wN3d a couple dozen times anyway.
There's no sig like this sig anywhere near this sig, so this must be the sig.
Fiber is getting so cheap now that local governments or the like will soon be able to run a fair amount of it around cities with tax $$. This will make for cheap and blazing-fast intra-city networks and reasonably fast networking to elsewhere. I think ISPs as such will eventually either die out or be forced to use cheaper connections.
As for spamming, I think that defensive technology will eventually get the upper hand on this issue. With a change in protocol for mail, possibly to one involving identity-based signatures or something similar, spamming can be drastically reduced. (An identity-based signature is one in which the public key can be computed from the sender's name and the server's public key, and similarly for the private keys. This means you only need to have infrastructure for the servers' keys.)
Security will probably continue to be an issue, but it can certainly be lessened with better system design. More modular systems and ones with better security models will be produced, and that will reduce the impact of most individual breaches to an acceptable level. For instance, finer-grained access control might obviate the need for a true root account, like in SELinux.
I hereby place the above post in the public domain.
...but I doubt it does iptables. So a 386 is preferable, indeed.
Then your kid's email account should be setup on a whitelist. Only those approved to send them email, by the parent, get seen by the child.
Have the rest of those picture sent to me.
I wouldn't mind C/R if it merely had no effect on the problem, but I do mind the fact that C/R makes the problem worse by sending me a boatload of challenges that I have no business receiving.
My using C/R would make the problem of spoofed from addresses worse for others. Therefore, in light of the principle to do unto others what you would like them to do unto you, I am really reluctant to use C/R unless there is absolutely no alternative.
I eventually stopped using SpamAssassin because it was too effective. It marked a couple of emails that were NOT spam as spam and I ended up losing some contacts.
If I got false positives from spamassassin then I admit I would consider C/R despite my misgivings above. However during my first month of spamassassin where I was watching it like a hawk I only ever got one borderline false positive, and it was a domain registration renewal notice that I was aware of anyway.
I might someday use TMDA in conjunction with an effective pre-filter like spamassassin, but never alone by itself because of the problems mentioned.
Hopefully they will kill each other.
Spam is only slightly more annoying than RBL's, in that without it, there would be no need for them....
I like it when people use bad grammer. It make it easier to spot the things that I probably wouldn't want to read anyway.
You're perfectly welcome to use alittle or alot, but let me tell you, my first impression is (Score: -2, Can't Write).
As soon as it becomes slightly commonplace, you'll see the spammers sending messages saying
At which point the number of people willing to respond to your challenge e-mails will drop to zero very rapidly.
In fact, if any spammers are reading this, please hurry up and do the above so we can stop having C-R put forward as the solution to spam.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Sendmail isn't really made for this, but somebody could build a mail filter that checks the DATA part headers for obvious spaminess and fork/execs a teergrube on suspicious mail. That would cut down the bandwidth problem (instead of receiving the message in a fraction of a second, it takes minutes or hours), and depending on how suspicious you want to be, either eventually hands the message over to spamassassin or else pretends to accept it while actually discarding it.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Most bayes filters are designed to ignore neutral words. Even if I had a whole book pasted in, If the words viagra, valium, or whatever shows up, it ignores the rest of the e-mail and says, "Hmm, since when did Dracula need viagra." Denied!
At spamhaus, they claim the law that makes it necessary for spam to contain ADV in the subject is terrible. Wouldn't that make an incredibly easy filter to implement?
Sixteen hours removing 200,000+ spams sent to every combination of invalid addresses in my domain is the problem. Six hundred users unable to send outbound email for three days because of the spam load trying to be delivered to these non-existent users is the problem.
When I'm on OS X, I use Mail.app, which has a very effective filter with low false positives. It works with ISP filters like BrightMail, but I've found that I don't even need that.
On Windows, I use Ella for Spam Control. This little plugin is awesome. Just like Mail.app, it doesn't get in my way or require attention all the time. Flag some spam initially, and it learns your preferences from there. It looks like they just released a signatureware version, too.
Collaborative spam filtering mechanisms are great in theory, but I'm through trying one flawed approach after another. Give me effective client-side filtering instead.
Read the EFF's Fair Use FAQ
This kind of framework, if implemented properly, could easily handle even the worst slashdotting.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
My first point is that Microsoft can afford to pay for all of my spam costs. I have 2 email addresses, the garbage Hotmail one and my real one. Microsoft will pay to collect my spam for free! Any registration or information request that is remotely sketchy or is open to the public or I don't care about I use the garbage email. I don't get any spam worth mentioning on my real email address.
My second point is that this isn't really that bad a crime, so cops won't care much. This isn't a problem to law enforcement. That makes it difficult for cops to get the infrastructure and social organization ready to do things like fight spam because it needs to be justified. The harder the spammers work, the more they will support and justify the creation of the anti-spam institution, but not by the police. Unlike the police, corporations will go to extreme lengths to save money, whether or not a crime has occurred. If AT&T can save $millions by creating the software and hardware to lock out craphole sources from American net space they will do it, irregardless if it is a crime and using any tool they can get away with. A company will tool up to build them a special router. A programmer will write them a program. And they will lean on government to send in the cops and allocate resources and pass laws. Then they will start beating up on the spammers and their supporters, which will include weak minded ISP's. Spam will eventually be stopped because the cost of 'collateral damage' to spam supporting ISP's and infected organizations is too high, as the anti-spam institution builds bigger and better weapons. This will create a kind of a scorched earth scenario as the spammers and anyone nearby gets blasted, but it will happen if the spammers get any more out of control because it will make sense in terms of dollars, not necessarily right or wrong. And unfortunately, I am sure innocent people will be hurt...but I don't care about any of that as long as my In-Box is free.
Any true conservative would disagree! We all know that spam is a part of the alien, homosexual clone plot, who have come to colonize our world and contaminate our bodily fluids! I know! My god, turn on the computer and the devil shall appear in the form of Satanic spam linked to lingerie pop-ups... Oh my, I feel kind of funny down below.... IT IS EVIL, an instrument of the devil (and alien homosexual clones), and honest family people are standing up to the spammer perverts. I am sure the spammers will burn in hell, because they cause honest people to accidentally click on pornography links to buy videos with two chicks getting it on or porcelain lawn ornaments with gnomes or little dogs, because spammers form a part of the Axis of Email, and we must launch a pre-emptive strike NOW. We must fight terrorism at any cost, no matter what it costs. There is nothing more un-American than hard core pornography spam except hard core homosexual pornography spam! And I have no idea how they got my email!
this is flame bait, but I don't give a damn.
Your analysis is very interesting, but flawed. The net has a white blood cell called 'the IT department'. This will track down and repair damaged machines and restore them to optimal efficiency. If a machine is damaged beyond repair, it is called planned obsolescence, and the second defence called 'money' is used to buy a new machine or software, which the IT department will adapt to the net, thus perpetuating the cycle of life on the net.
junkgoof wrote:
You're hopelessly out of date. Anybody paying for click-through referrals today will quickly be parted from their money by spammers who can generate false clicks as easily as they generate spam. Referral payment today is only viable for completed sales.
In any case, anything that dilutes or distorts the reliability and accuracy of the metrics used to measure the effectiveness of spam is a Good Thing. A zillion extra, unproductive hits makes a hit counter meaningless in gauging the effectiveness of a spam campaign.
Look at the bright side: there's always seppuku.
You have to doubt Spamhaus' claims of being immune now to dDos when they just got /. 'ed... Kind of ironic that an anti-dDos-against-Spamhaus post caused a dDos against Spamhaus.
Here is a thought for everyone. If you were writing an email virus what is the number one way your virus is prevented from spreading? Anti-virus? Doubtful, not enough people use it. Carefully crafted filters? Not many average users set up filters.
I think the major limiting factor in the spreading of email viruses are the sites like spamhaus, etc. These sites act like an immune system for email networks. When an email virus begins spreading the spamcop sites begin denying the virus its ability to spread.
So, taking a lesson from the real world, what is a good virus to do? Target the systems that are slowing its spread. Take out the immune system and your virus will spread faster.
Honestly, I think that people are giving too much credit to spammers and not enough credit to the virii writers' simple desire to write better virii.
Date: Mon, 27 Oct 2003 21:10:22 -0400 (EST)
From: Joshua Joshua
To:
Subject: Fraud Alert. DarkProfits.com - Order 1845.
DarkProfits.com & DarkProfits.net DarkProfits.com & DarkProfits.net
Dear customer,
Recently we have received an order made by using your personal credit
card information.
This order was made online at our official http://DarkProfits.com or
http://DarkProfitsnet website. Our Fraud Department has some suspicions
regarding this order and we need you to visit a special Fraud Department
page at our web store where you can confirm or decline this transaction
by providing us with the correct information.
But, if you have never visited our site or made a purchase, you can
decline any charges from you credit card, by entering your personal info
below. Or, if you feel this method of verification insecure - please
visit our highly secure site http://darkprofits.com or
http://darkprofits.net
[FORM]
Enter your credit card number here:
Enter your credit card exp date:
Enter your name as it appears on the credit card:
Enter your address, zip code and city:
Desperation is something that people LOSING a battle fall prey to. Right now though, the spammers are winning.
They're forcing the anti-spam organisations off the 'net.
They're writing viruses to turn random desktop machines into spam sources, and getting away with it.
They've all but destroyed email as a useful means of communication.
And they're getting away with it.
Doesn't anyone else see? This isn't a sign of desperation, it's a push towards victory--victory by brute force and slaughter.
A guy at Symantec said (very much off the record) that he believed the last round of virus attacks was backed by organised crime. Really folks, who else has the power to do this stuff?
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
Has there ever been a virus that "infects" Outlook Express by downloading and installing patches for it from Microsoft?
My company sends out bulk mails on a regular basis. We take every precaution to not "spam"... we provide real opt-out links, we use subject lines that start with ADV: and always relate directly to the content, and we provide contact phone numbers in every email. And yet, some prick decided to report us to SpamHaus and now several of our customers can no longer receive support via email because their corporate mail servers subscribe to SpamHaus and won't let our valid support correspondence through. It should always be up to the user to filter their email. Blanket wiping email at the SMTP level is a very dodgy operation. Just ask the thousands of AOL users who've had valid emails 'blackholed' without warning.
Drew
No. Scott Dorsey is a techie. His message, like most NANAEs, would be: "Your hosting customer foo.com is spamming. Evidence enclosed. Shut them down." HostEurope's reply was (BS removed) "You should ask the spammer to remove you. We won't do anything." Anyone who hunts spammers (for work or hobby) can tell you EXACTLY what their reply means.
OK, I'll email Host Europe now and ask them for their side of the story. This thread will probably be closed by the time I get an answer, but I guess there is some way of contacting you on your website?
Virtually serving coffee
Yes, you can find my address on my site. Alternately, you could repost this problem on NANAE with a subject line that includes the string S1995 and get their evidence firsthand.
Had a quick look at some of those links, not very impressed, some of them argue that Host Europe should be blacklisted because it is blacklisted... Like I say, I'll tell you what response I get.
Virtually serving coffee
DNS was never particularly necessary. It was useful for the blocking lists because it's a lightweight query-response tool that everybody has and it was easy to add a DNS-based check to sendmail.cf. But sendmail is Turing-complete, so you can use whatever you want :-) And you certainly don't need to use zone transfers to distribute the data, though again, that's convenient, but you could just as well use something else to distribute it.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Sorry. From your comment, it is clear that I need to flesh out the details.
First, the metaphor: the system I am proposing can be thought of as 'reusable stamps.'
The stamps are granted to SMTP servers by routers, and paid for by the owners of the SMTP servers. Those owners would then be responsible for recouping their monies from users. Here is a typical scenario:
1. User A pays a modest ($2) deposit on signing up with his ISP provider, who runs trusted server S1. This fee is deposited by S1 into its account contained on router R.
2. A logs in to his provider and sends an e-mail M via S1. Since A is logged in, S1 knows who is sending M. S1 stores the messageID of M and the UID of the sender.
3. S1 now digitally signs M and sends it to R.
4. R sees trusted signature and places a stamp (encrypted) on it. M is now 'live'. All other routers see the stamp and wave it through.
5. The message arrives at trusted server S2, who delivers it to the box of B.
6. B decides whether or not to redeem the stamp (i.e., to mark M as spam). If she does, then she sends a redemption request through S2. S2 digitally signs this request, verifying that the stamp on M (with messageID) is to be redeemed.
7. The original router receives the request and verifies the sig and messageID. If it checks out, S1's account is decreased $.02 and S2's account is increased by same.
8. The owner of S2 will have responsibility to fairly deal out the money.
9. After three days, an unredeemed stamp expires and M is 'dead'.
That's the detailed version. It's not theoretically perfect. It is spoof-proof, though, because the stamp is attached to the messageID which comes from the SMTP server. The server remembers the UID of the sender, not the contents of the "from:" line.
I can certainly envision bad things happening: someone could hack my account, someone could declare my innocent e-mail to be spam, etc. But, in all of those scenarios, the cost to normal users would be small -- $2 or so, until they noticed that they couldn't send e-mails anymore. By contrast, the cost to frequent spammers would be large.
One final point: users of free (anonymous) accounts would not be able to withdraw money from their accounts. This is a small problem, but not an important one. The emphasis is not on getting rich by receiving spam, but on (1) penalizing spammers, and (2) allowing individual users to decide what is spam to them.
Regards,
Jeff Cagle
Human being (n.): A genetically human, genetically distinct, functioning organism.
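The stamp scheme in the post above, worked through as an added example that is not part of the original comment or any real system. It assumes HMAC-SHA256 with per-server keys registered at the router as a stand-in for the "digital signatures" and the "encrypted" stamp; the names `Router`, `sign`, `issue_stamp` and `redeem` are hypothetical.

```python
import hashlib
import hmac

STAMP_CENTS = 2                 # redemption value from the post ($.02)
STAMP_TTL = 3 * 24 * 3600       # stamps expire after three days

def sign(key: bytes, *fields: str) -> str:
    """HMAC-SHA256 over the fields; stands in for the post's digital signatures."""
    return hmac.new(key, "\x1f".join(fields).encode(), hashlib.sha256).hexdigest()

class Router:
    def __init__(self, secret: bytes):
        self.secret = secret    # known only to the router, authenticates stamps
        self.server_keys = {}   # server id -> key shared with that trusted server
        self.accounts = {}      # server id -> balance in cents
        self.redeemed = set()   # message IDs whose stamp was already paid out

    def register(self, server: str, key: bytes, deposit_cents: int) -> None:
        self.server_keys[server] = key
        self.accounts[server] = deposit_cents

    def issue_stamp(self, server: str, msg_id: str, sig: str, now: int):
        """Steps 3-4: check the sending server's signature, then stamp the message."""
        key = self.server_keys.get(server)
        if key is None or not hmac.compare_digest(sig, sign(key, "send", msg_id)):
            return None
        if self.accounts[server] < STAMP_CENTS:
            return None         # sender could not cover a redemption
        return (server, msg_id, now, sign(self.secret, server, msg_id, str(now)))

    def redeem(self, stamp, receiver: str, sig: str, now: int) -> bool:
        """Steps 6-7: verify stamp and receiving server's request, then move 2 cents."""
        sender, msg_id, issued, tag = stamp
        rkey = self.server_keys.get(receiver)
        ok = (rkey is not None
              and hmac.compare_digest(tag, sign(self.secret, sender, msg_id, str(issued)))
              and hmac.compare_digest(sig, sign(rkey, "redeem", msg_id))
              and now - issued <= STAMP_TTL            # step 9: expired stamps are dead
              and msg_id not in self.redeemed          # one payout per message
              and self.accounts[sender] >= STAMP_CENTS)
        if ok:
            self.redeemed.add(msg_id)
            self.accounts[sender] -= STAMP_CENTS
            self.accounts[receiver] += STAMP_CENTS
        return ok
```

The replay set and the balance check are additions the post does not spell out; without them a single stamp could be redeemed repeatedly or drive the sending server's account negative.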
> The more laws we pass, the heavier the book becomes and the more brain damage it will do.
This might do something to virus coders, but I don't think severe brain damage would do much to slow down the average spammer. It might even help them type so badly as to get past your filters (once).
Mal-2
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
Good points, actually. I wonder why you were modded to 0?
You're right, I am out of date. I created a Yahoo account to decoy spam, I use it for anything that will be posted or submitted, and I really don't get spam. I've stopped thinking about it. OK, I occasionally look at the spam folder on my decoy account, and I still get viruses, but it does not bother me enough to check tactics. Which does not mean that I would not like to see spammers sued into commercial oblivion.
You got me into this! You were the ideologue! I'm only a poor assassin! - Twenty evocations, Bruce Sterling
junkgoof wrote:
Thank you. It's nice to get a reply from someone who can deal with the facts and isn't a raving, foaming-at-the-mouth political nitwit.
My post wasn't modded down; my karma had been damaged earlier in the day by three politically-based attacks on two of my posts by one or more silly children who shouldn't have been entrusted with mod points. One, a post chock full of factual information, was first hit as being "Overrated" at 1, then as a "Troll" at 0, leaving it at -1.
Re:Tax systems
Re:I'd rather have a sales tax than an income tax
Take a look at them and judge for yourself whether either deserved "Overrated" or the second one also deserved "Troll." Better yet, look at the posts to which they are replies and read mine in context.
Being modded down dropped my slashdot karma level to "Bad," which affected the starting score of any new messages I might post. While the nitwit was doing that, I was posting elsewhere in slashdot on the topic of spam, so if you find any value in my comments about spam and Filters that Fight Back (and as far as Paul Graham knows I am still the first and only person on the planet actually implementing FFB), you (and others) might be annoyed that the effect of the political moderation was to reduce the visibility of my messages about spam.
If you search for messages posted by me you will find at least several in which I make the case that Filters that Fight Back is presently the only effective way to carry costs back to those who pay for the spam to be sent. It's not my idea; it's Paul Graham's idea:
Paul Graham
Paul Graham is the man who brought us Bayesian filtering in his August, 2002 paper, A Plan for Spam. Many software developers have since incorporated Bayesian filtering in one form or another into email clients and servers. This year he offered new thoughts, Filters that Fight Back, and I've been implementing them.
Along the way I concluded that I don't care whether or not I confirm that my email address is "active." The spammers are already sending me spam inviting me to visit their Websites. OK, I'll visit. I'll visit every URL they send me that looks like a spam Website, and for good measure I'll download the entire site for research purposes. Every URL, every time.
Thanks again for being a real person. BTW, my seppuku sig was not directed at you or at any particular poster. It's a general comment on the frequency of moronic posts. Being out of date or not having kept up to date on the latest in spam technology is not moronic.
Look at the bright side: there's always seppuku.
You might be right. However, there is one final argument that I would make. The servers are not 'trusted' because they are known good agents. The servers are 'trusted' because they maintain accounts with real money on the routers. The routers are the ones which maintain the funds, so that even the servers must pay up front. So perhaps I should have expressed the algorithm as 'servers' and 'trusted routers.'
Now, admittedly, we have to trust the routers.
However, because two routers have to sign off on a stamp redemption event, it would seem that a single bad-acting router could cause limited damage.
Regards,
Jeff Cagle
Human being (n.): A genetically human, genetically distinct, functioning organism.
I agree that your posts are overrated, but I think the troll label is a bit much. I think people are using "troll" to identify people they disagree with. I got a "troll" recently for saying spamming and political contributions are not free speech, and should not be protected.
You got me into this! You were the ideologue! I'm only a poor assassin! - Twenty evocations, Bruce Sterling