Spamhaus Guru Steve Linford Profiled

BenLev writes "The New York Times has an article profiling Spamhaus Project director Steve Linford. The feature goes behind the scenes at Spamhaus, 'one of the leading groups that is trying to make the world safe from junk e-mail', showing that it operates from Linford's houseboat on the Thames near London, spammers don't like him, and his volunteer corps likens itself to the X-Men."

good idea.

[waitigetit]

I like the idea of the do not spam registry that they mention in the article. But it seems like a real pipe dream considering how much trouble there has been getting the do-not-call registry up and running.

Also, most telemarketing is done from in-country because of LD charges. Not so with e-mail. It's pretty hard to enforce US laws on a Taiwan spamhaus.

Ah well, every little voice against spam warms me a little at least.

Re:good idea.

[Phroggy]

I like the idea of the do not spam registry that they mention in the article. But it seems like a real pipe dream considering how much trouble there has been getting the do-not-call registry up and running.

Compared to spammers, the sleaziest telemarketers are shining pillars of ethical perfection. Telemarketers will not abuse the Do Not Call list - if nothing else, than because they REALLY fear the FCC (and FTC or whoever winds up administering it). They run legitimate, legal businesses, and can't afford to run the risk of breaking the law.

Spammers, on the other hand, care not for such things. If there ever were a Do Not Spam list created, and it was done in such a way that the list itself would not be published, you can bet somebody would write a script to randomly generate billions of e-mail addresses, check every one of them against the Do Not Spam list, compile a list of every e-mail address that matches, and sell it as a list of confirmed opt-in e-mail addresses on CD-ROM for $500.

Re:good idea.

[waitigetit]

If the only reason they don't call you is fear for punishment, that does not make them ethical.

I think a more important difference is that it costs them money to call you. So, basically, a Do Not Call list saves them money because they do not need to call people who hate telemarketing.

Re:good idea.

So call me a troll, but...
It's pretty hard to enforce US laws on a Taiwan spamhaus.

And why exactly would anyone want to use US law in this case? Hasn't it been proven to be about as toothless and worthless, not to say non-existant end sometimes even endorsing spammers? Thanks, but no thanks. It would be like trying to get rid of cockroaches by drowning them in excrements.

If anything, a law which actually tries to stop these sleazy vermin should be used. If the mentioned EU law/directive is that much better than US "law" as it seems at first sight, I believe that should be used.

If later China get their act together and decides this is a capitol offence (after all, they do still execute people en masse on large arenas - letting people watch the executions), I wouldn't mind at all watching Ralsky & Co. fry in the chair - on web-TV. They are after all among the worst vermin on the planet. Far worse for far more people than e.g. ebola or anthrax.

If there was a fund to have these pests terminated, I'd happily pitch in a 50.

Re:good idea.

You're overreacting somewhat.

The idea that having unsolicted email advertisements sent to you is worthy of capital punishment is just ridiculous. You need to get a moral clue.

Re:good idea.

[ThereIsNoSporkNeo]

Not that I'm advocating Capital Punishment, but let's look at this another way...

Let us suppose that 500 million people have access to email.

Let's say that they spend 20 seconds a day dealing with it.

That's 10,000,000,000 seconds,
166,666,666 hours
6,944,444 days
19,013 years
271 lifetimes (Given 70 year life)

That's per day.

Re:good idea.

[_Sprocket_]

I think a more important difference is that it costs them money to call you. So, basically, a Do Not Call list saves them money because they do not need to call people who hate telemarketing.

If a national Do Not Call list saves telemarketers money, why are they fighting it? Heck - why hasn't there been a private firm jumping on this niche?

Telemarketers WANT to call everyone - even those who would prefer not to get calls. One good reason for this seemingly odd behavior is that some of these people don't want sales calls because they're prone to sales pitches.

Re:good idea.

[jpetts]

I think a more important difference is that it costs them money to call you. So, basically, a Do Not Call list saves them money because they do not need to call people who hate telemarketing.

I've spoken to the husband of a friend who works at a telemarketing place, and actually telemarketers hate the DNC list, since it allows people who have problems with saying no and confrontational situations - vulnerable people who are one of the telemarketers' main targets - to say no anonymously, with no conflict.

If (and only if) such people didn't contribute large numbers of $$$ to the telemarketers' profits, then the latter would love the DNC list.

Re:good idea.

[taustin]

That's easy to deal with. You seed the list with spamtrap addresses. When (not if) a spamtrap address gets spammed, the FTC tracks down the ethikul bidnez it is advertising and tells them "Either you roll over on the spammer, or you take the fall." And when the spammer says "We bought the list from someone else," you tell them, "You're still in violation for not checking these addresses, but we'll refrain from criminal charges if you roll over on who you bought it from."

Still doesn't deal with off-shore spammers, though.

Re:good idea.

cat >> /etc/hosts.deny
ALL : *.tw
^D

Re:good idea.

Actually, that's not true anymore. It's cheaper to put all the telemarking centers in India, then have a bug phat pipe where all the VOIP data flows, and switching centers in the US.

So Indian telamarkers would get a local USA WATS dialtone with "flat rate nationwide" calling.

After all, since all our jobs are now going to India, (which really really SUCKS), this would be the norm.

Re:good idea.

[riffer]

Absolutely correct. Spammers don't use their own money and resources they criminally hijack server space, bandwidth and more in order to perform their "business".

Plus the majority of spam is either totally fraudulent (i.e. 491 Nigerian crap, MLM schemes, etc) or 80% fraudulent (herbal viagra, weight-loss pills, etc... People who order that shit usually get something in the mail but it's not going to work as claimed).

Since spammers are now willing to unleash whole new virus schemes just to generate the open relays/zombies needed to do their dirty work, I think we're approaching the point at which only physical action will have a lasting result. Be it confiscation of the spammers business, assets or straight-forward horse-whipping.

And no, I don't think violence is always a solution, but it's a rpetty basic human trait. You piss enough people off long enough, eventually you get your ass kicked...

Weird analogy

[tangent3]

If the volunteer corps are the X-Men, then what are the spammers?

Re:Weird analogy

[nagora]

If the volunteer corps are the X-Men, then what are the spammers?

The Brotherhood of Evil Mutants, of course!

TWW

Re:Weird analogy

Explaining jokes always makes them more funny.

Re:Weird analogy

If the volunteer corps are the X-Men, then what are the spammers?

Lying sleazeballs sacks of subhuman shit undeserving of air, water, food, or mercy.

Adding info to DNS servers

[Space+cowboy]

What happened to that proposal to add records (as comments, so the DNS protocol wasn't broken) to the DNS saying that a domain was authoratative for the envelope 'From ' header ? That sounded like a good idea, so long as the MTA's took it up...

Simon

Re:Adding info to DNS servers

[iay]

What happened to that proposal to add records (as comments, so the DNS protocol wasn't broken) to the DNS saying that a domain was authoratative for the envelope 'From ' header?

It is still an internet-draft. I think the URL for the current version is here.

That sounded like a good idea, so long as the MTA's took it up...

Yes, unless a really high proportion of the people who send you mail made these records available, you couldn't block mail that didn't have it. It might work as a "probably not spam" indicator in things like SpamAssassin at some lower level, though.

Re:Adding info to DNS servers

[The+Famous+Brett+Wat]

There are quite a number of such proposals. For instance...

• Designated Senders Protocol: A Way to Identify Hosts Authorized to Send SMTP Traffic
• A DNS RR for simple SMTP sender authentication
• Repudiating MAIL FROM

...among others. The Internet Research Task Force Anti-Spam Research Group (IRTF ASRG) currently has a sub-group specifically dedicated to the unification of these proposals. This is a relatively recent initiative (only about a month old). You can find archives of the discussion at gmane.org.

Re:Adding info to DNS servers

[sorlov]

This discussion (at gmane.org) clearly shows that the main problem is not technical but social. All proposals are good enough to make spammers' life harder. But people can't work together. That is why the unification fails, the is why SMTP can't be replaced in the near future, and that is why a simple SMTP sender authentication will take year to be implemented worldwide.

These guys block pretty large blocks.

[ron_ivi]

Few weeks ago, much of my email was blocked because because spamhaus.org was blocking a huge (69.64.32.59/20) range that contains our address.

My particular server (a dedicated box) was innocent, but my hosting facility had spammers on other dedicated boxes.

Isn't blocking a /20 like swatting flys with a hand grenade?

Re:These guys block pretty large blocks.

Mod parent up.

We need more fundamental approaches to block spam. Bayesian filters are our best technical solution. We cannot do any better without bringing in human and political factors.

Anyone thought of pressing charges against spammers for costing taxpayers billions of dollars (in CPU cycles for mail daemons, lost productivity etc)? What about asking China to extradite them to the US? Or some place where they still have good old firing squads?

Re:These guys block pretty large blocks.

AC wrote: Anyone thought of pressing charges against spammers

How about pressing charges against the blocking-services when they block valid emails?

Re:These guys block pretty large blocks.

So what your saying is that your hoster KNOWINGLY cooperated with spammers and refused to take any action for a minimum of weeks, and most likely months, before Spam Haus escalated the entire IP range do to inaction. System administrators across the world trust Spam Haus' reasoning and blocked any traffic originating from the offending netblock into THEIR OWN PRIVATE PROPERTY. And you feel this this is wrong???

Re:These guys block pretty large blocks.

[Indy1]

/20 isnt that agressive. Probably your isp kept moving the spammers around and spamhaus said fuck it and plonked a bigger range. Stop blamming the blacklists and start yelling at your isp to stop hosting spammers. If your going to live in a crackhouse, dont be surprised when your friends refuse to visit you.

Re:These guys block pretty large blocks.

[ron_ivi]

I didn't say I felt it was "wrong" that owners of networks can block whatever email they want. I agree with their right to do so whether it's because some blacklist says it's IP address is within a few hundred of a spammers, or whether it contains keywords suggesting it's pr0n.

I'm just pointing out that there are quite a few false positives when large IP ranges are blocked.

Any low-cost hosting (in this case, an under $50/month dedicated linux server) that offers the users the ability to run whatever services they like may attract spammers. My hoster does have policies to stop spammers, but with affordible single-dedicated-system hosting spammers come and go. IMHO, blocking large ranges doesn't much affect the spammers or the hosters in this case - it just causes a minor inconvenience to others on the same ip address blocks who have to temporarily route their email through their DSLs for a while.

Note I'm not saying this policy is "wrong" or "right"; and I agree organizations can block whatever they want. I just think blocking large address ranges does as much to create false-positives than to block spam.

Re:These guys block pretty large blocks.

"If your going to live in a crackhouse, dont be surprised when your friends refuse to visit you.".

Wow. What fickle friends.

Re:These guys block pretty large blocks.

If your going to live in a crackhouse, dont be surprised when your friends refuse to visit you.

Clearly your friends don't do as much crack as mine do.

Re:These guys block pretty large blocks.

[djmurdoch]

Note I'm not saying this policy is "wrong" or "right"; and I agree organizations can block whatever they want. I just think blocking large address ranges does as much to create false-positives than to block spam.

But that's the point: the target is the ISP that provides hosting to the spammer. By blacklisting large parts of its address space, it's going to lose legitimate customers. This is supposed to create pressure on it to reform.

I prefer blocking actual spammers, but even that's going to create false positives: if they highjack a user's machine to send spam and I block it, I'll also block that user's email, and probably the email from whoever inherits that IP address after the user logs off.

Re:These guys block pretty large blocks.

As if spamhaus can even be considered 'friends' of anyone. These activists are so into their little anti-spam games that they can't see past the ends of their collective noses. Idiots.

Re:These guys block pretty large blocks.

No, just someone who believe that there are better technical solutions to this mess of spam than having a bunch of vigilantes deciding who should be blocked from sending any mail at all.

Re:These guys block pretty large blocks.

[dipipanone]

How about it? Its a pretty ridiculous idea because they aren't actually blocking *anything*.

Other people are, acting on the information that they provide. Doesn't the USA have rules about freedom of speech and freedom of information?

Do you think it should be made illegal to tell the world that a certain IP block is generating high levels of spam? Because that's all that Spamhaus effectively does.

Re:These guys block pretty large blocks.

[dmaxwell]

Clearly your friends don't do as much crack as mine do.

Darl? Is that you?

Re:These guys block pretty large blocks.

[dipipanone]

No, just someone who believe that there are better technical solutions

Talk is cheap. If you believe there are better solutions, I suggest that you implement them. If you're correct, people will use them.

Till then though, we'll stick with Spamhaus.

Re:These guys block pretty large blocks.

Bayesian filters are our best technical solution.

Except they don't actually block spam.

A filter (whether bayesian or otherwise) has to examine the content of the message - it can't do that until it's received the message.. so by definition, a filter can't block spam.

Blocklists are the only way to block spam.

Re:These guys block pretty large blocks.

I just think blocking large address ranges does as much to create false-positives than to block spam.

The point is that if your ISP has repeatedly ignored the problem, then there are no false-positives.

Until your ISP cleaned up their act, you were (indirectly) gaining a benefit from the spam, in the form of cheaper hosting.

Re:These guys block pretty large blocks.

Fee fi fo fum, I smell a spanked spammer

Ah, yes, the old "either you are with us or against us."

Y'all should be careful about calling folks spammers. Just how many spammers do you think there are out there anyway? Some of us disagree with the extreme anti-spamming measure because they hurt innocent people. (Yes, I know by your definition anyone hurt by blacklists must be a spammer therefore you don't care.)

Re:These guys block pretty large blocks.

[frankie]

spamhaus.org was blocking a huge (69.64.32.59/20) range that contains our address.

Are you absolutely 100% sure you were blocked by Spamhaus and not by SPEWS? Spamhaus generally tries quite hard to avoid "collateral damage".

Re:These guys block pretty large blocks.

[frankie]

Dammit, stupid non-optical mouse jumped and I hit Submit instead of Preview.

Anyways, I meant to say that 69.64.32.59 is listed in SPEWS and it is not listed in Spamhaus. Given that the wider-reaching SPEWS only lists a /24 in that vicinity, I find it higly implausible that Spamhaus would drop a /20.

Instead, I am starting to consider the notion that there is a pro-spammer astroturf campaign being waged against blocklist sites.

Re:These guys block pretty large blocks.

...as if spammers aren't hurting innocent people too.

Re:These guys block pretty large blocks.

[tivoKlr]

Well, they dropped a /18 against us, and one of our business partners was using the sbl from spamhaus. Consequently we couldn't communicate with them until they whitelisted us.

I contacted them 3 times and only received curt responses saying that we should have known better than to host with such and such hosting company, and that there was nothing they could do...

I don't claim to know much about the spammer world, except that I get a ton of it, but obviously our little operation must not fall under the description of "collateral damage"

BS

Re:These guys block pretty large blocks.

Hey, this is pretty cool.

Time to find a free-internet-built-on-the-backs-of-advertiesers model like tv and radio!

Re:These guys block pretty large blocks.

[Dimensio]

Instead, I am starting to consider the notion that there is a pro-spammer astroturf campaign being waged against blocklist sites.

Starting?

Haven't you heard of "antispews.org"? It's dead now, but it was a clearly spammer-run outfit claiming to serve the "victims" of SPEWS in tracking down whomever ran SPEWS and suing them. Full of bluster on how they were "this close" to exposing the organization, they were a relatively reliable source of amusement in news.admin.net-abuse.email

Re:These guys block pretty large blocks.

Sure, after the mugger takes my wallet, you should kick me because I'm one of those poor people contributing to crime.

Re:These guys block pretty large blocks.

[whoever57]

I'm just pointing out that there are quite a few false positives when large IP ranges are blocked.

If it is SPEWS that blocked you then you have mis-interpreted SPEWS' mission. SPEWS aims to list areas of the Internet from which SPAM is likely to come. Blocking is intended to get the non-SPAM customers to pressure the ISP's by either moving to another ISP or complaining.

Essentially, SPEWS tries to take away the economic benefit of hosting spammers from the ISP.

Re:These guys block pretty large blocks.

[ron_ivi]

Both Smaphaus and SPEWS blocked the range at different times.

Spamhaus was quicker than SPEWS at undoing the blacklist - and again, it appears spammers were in the blocked range so I'm not blaming either organization or anything - Just pointing out that (by design or otherwise) blocking wide address ranges do some collateral dammage.


63.205.228.48 does not like recipient.
Remote host said: 554 Service unavailable; Client host [69.64.33.64] blocked using sbl.spamhaus.org; http://www.spamhaus.org/SBL/sbl.lasso?query=SBL101 08
Giving up on 63.205.228.48.

Re:These guys block pretty large blocks.

[ron_ivi]

Both Smaphaus and SPEWS blocked the range at different times (bounce excerpt below).

Spamhaus was quicker than SPEWS at undoing the blacklist - and again, it appears spammers were in the blocked range so I'm not blaming either organization or anything - Just pointing out that (by design or otherwise) blocking wide address ranges do some collateral dammage.

Here's the old bounce message.

63.205.228.48 does not like recipient.
Remote host said: 554 Service unavailable; Client host [69.64.33.64] blocked using sbl.spamhaus.org; http://www.spamhaus.org/SBL/sbl.lasso?query=SBL101 08
Giving up on 63.205.228.48.


And in defense of my ISP, yes, I realize I get what I pay for, and for $49/month a dedicated server where I can run whatever servers I want is still valuable to me. They have a no-spam policy that they do enforce - but they default to presuming innocence, which makes them easily taken advantage of by spammers. As far as I can tell, they do a reasonable job at cutting off the spammers once their identified (and therefore spamhaus removed the blacklist) - but with the presumption of innocence more spammers occasionally come back.

In regards to the poster who suggested that I was hosted in a bad neighborhood, IMHO it's sad to think that high-monthly-ISP-costs may be the best way to prevent spam, by making it too expensive for a spammer to get a dedicated server.

Re:These guys block pretty large blocks.

Care to name where you were hosted?

No, not that I care - I just want to make sure I never host there. From what I've seen, it takes a LOT of spamming to ever get IP space that large in the SBL. You must have been in a spamhole of great size.

Re:These guys block pretty large blocks.

As far as I can tell, they do a reasonable job at cutting off the spammers once their identified

I doubt that. The symptom of a host dong a BAD job at cutting of spammers is their ending up in the SBL (or SPEWS).

"Serverbeach" - well, yep, you do get what you pay for. I think the guy who "cuts off spammers" works about one day a month.

Re:These guys block pretty large blocks.

[Follow up]

Well, lookie at the banner ad that just popped up on /. ~~~ Serverbeach, home of lots'o spammers.

http://ads.osdn.com/?ad_id=622&alloc_id=3241&site_ id=1&request_id=5711987&1068516875950

Will this comment post... or is the /. auto-censor running? ;-)

Yadda yadda yadda

[Phroggy]

Non-NYT site

Lucky me?

[Spillman]

The thing I don't understand is why I never get spam. Everyone complains about getting spam. I only get e-mails from things I sign up for. maybe I'm just careful, my hotmail account used to get spammed alot, and when I ran a linux mailserver I made a pretty script to add mail server that sent me spam to ipchains. I don't get it.

But, I don't like spam!!

Re:Lucky me?

[Burb]

One reason might be that spammer's can't guess your email address by dictionary searching. Case in point: my wife set up an email account some years ago and used a name based on a "Peanuts" character. For various reasons she didn't use the account and I'm fairly sure she did not sign up for any mailing lists etc. so the name was not published. Then all of a sudden she gets 20-30 porn messages a day into the account, because some spammer decided to try

Re:Lucky me?

[the_womble]

Me to.

I used to get 10 or 15 a day to one particular address: it had been on my web site for about 5 or 6 years and was the catch all address for a tree letter .com domain.

I stopped using it, and stopped using a catch all, so now I get hardly any spam.

How do people end up getting huge numbers of spam? What is different? Is it just common names and guessing? No becuase Then I should still have got a fair amount to the domain as a whole.

What worries me is that the side effect of most anti spam measurers in the long run will be to make the internet more corporate run (e.g. stopping people running their own mail servers, making life harder for small ISPs when they find it hard to get off blacklists etc.)

Re:Lucky me?

I get about 1500 spams a month to my email address. I've had this address for about eight years now and the frequency of spams has increased as time goes on. It used to be quite a chore to delete them but since installing a Bayesian filter I've had no problems, most of them are filtered out and there has only been one false positive in three months.

Re:Lucky me?

[DonGar]

Another source (not often mentioned) is having domains registered that refer to your address in their contact info. I don't have solid numbers, but I suspect that this leads to at least 100 of the 1000 spams I get a day.

Re:Lucky me?

[stripe]

One irritating thing, is that I did not get any Pr0n spam for years until I signed up for a Microsoft support web site. Seems most of the sites I have been to keep resonable security on their email lists but Microsoft showed their usual lack of due diligence about security.

Re:Lucky me?

Not on OUR network... If anyone tries a dictionary scan, they would immediately wind up on the "shitlist", be logged and traced back to their IP address. Our Crunchbox already has rules to detect this, and you would be amazed at how much of this is going on.

We traced most of these probes back to IRC servers running bots which are looking for infected hosts. This is how we find them. We let them tell us where they are, because these stupid scan programs are so dumb. Kinda like a bull in a china shop.

Spammers make a lot of noise, which COULD be their downfall.

When these EVENTS enter our network, we are alerted, and it usually means a spammer is currently engaged in their spammer binge, as all the infected hosts "wake up" and starts spewing out spam from a zillion different IP addresses (all being logged of course), so we can just shut them down in hours (if the ISP's ever get their act together).

We are shutting down about 650 spam proxies per week.... but it's kinda like swatting flies....

I'm working on an "auto-reporting" system, which could increase this to about 50,000 per week. Right now, I'm doing this manually.

It's actually starting to make a "dent" in the overall amount of spam on the internet.

Our "spam sucking" email addresses are on EVERY spammer's mailing list, as it sucks in spam from everywhere. The more we get, the more proxies we can kill. (grin)

BenLev working for spammers?

Seems www.spamhaus.org has been /.'ed.

Was this the goal all along? DDoS via /.?

The X-Men

[Chromodromic]

... his volunteer corps likens itself to the X-Men ...

Yeah, well, I'll bet none of his volunteer group looks anything like Jean Gray, Storm, or Rogue, but I'll also bet they play them online ...

What're the odds that...

Some spammer goes and tries to sink his houseboat? They'd now know how to find it...

false positives from spam blocking.

Blocking a /20 sounds excessive.

Does anyone rate spam blocking sites based on how few false-positives they produce?

I'd be happy to tolerate a few more pieces of junk mail getting in, if I had confidence that I wasn't losing anything valuable.

Re:first

[BlowMonkey]

I get spam emails from this company, telling me to use their software to eradicate spam .. Pot calling the kettle black?

Bullcrap

[Raul654]

1) That's 3 clicks per email * the rate at which you gets spams. It adds up after a while

2) There's always the chance of a type 2 error - you could lose (either through accidental blocking or unintetional deleteing) an important email.

3) You pay for the bandwidth that they waste, in the long run. They are simply shifting the price of getting in touch with you from themselves to you. In effect, they are calling you on your dime.

Re:Bullcrap

[GwabbaWabba]

1) That's 3 clicks per email * the rate at which you gets spams. It adds up after a while

I receive quite a bit of spam. I'll grant you that it does take a bit of dealing with everytime I fire up my mailbox, both at home and at work, it certainly doesn't have an appreciable effect on my schedule.

2) There's always the chance of a type 2 error - you could lose (either through accidental blocking or unintetional deleteing) an important email.

I don't understand how you think this criticism applies to allowing spam but not to blocking spam. It's pretty clear that it happens whether you allow spam or attempt to block it in the way that's being discussed.

3) You pay for the bandwidth that they waste, in the long run. They are simply shifting the price of getting in touch with you from themselves to you. In effect, they are calling you on your dime.

How is this the case?

Re:Bullcrap

1) That's 3 clicks per email * the rate at which you gets spams. It adds up after a while

With some mailreaders (yahoo mail) it can approach 1-click-per-email. (check boxes to select the spams, and block/submit-to-yahoo them all in a single action)

2) There's always the chance of a type 2 error - you could lose (either through accidental blocking or unintetional deleteing) an important email.

IMHO, Less likely than with someone else choosing for you.

3) You pay for the bandwidth that they waste, in the long run. They are simply shifting the price of getting in touch with you from themselves to you. In effect, they are calling you on your dime.

Depends on your mail client. With Yahoo mail, and IIRC any IMAP mailreader you don't download the bodies unless you open the messages. Just the subject-index is low bandwidth.

Re:Bullcrap

[morganjharvey]

There's always the chance of a type 2 error - you could lose (either through accidental blocking or unintetional deleteing) an important email.

Yeah, no kidding.
I've gone throught this. This guy tried to send me an email. Pretty important stuff. I ran into him two weeks later and he asked why I hadn't replied to his email. I told him I never received it, so we both just figured he sent it to the wrong address (why he didn't get a bounce though...) This guy was using something like yahoo or hotmail for his email.
About two weeks later, my sister, who up until then had been sending me email just fine through her hotmail account, tried to forward me the itinerary for a plane ticket she had just booked me using a different account. After a week of trying, I had her send it to a different account. Worked fine.
Turned out that my ISP had some crazy spam filtering on. Just for fun, I had them turn it off for my account. Seems as if the first guy's account was getting blocked by the filter (crazy username + hotmail is a pretty good sign of spam), but I can't figure out why my sister's .gov address was being blocked.
About a month went by and I still hadn't received any spam. Now I'm getting about two pieces a day, and I still haven't given that address out to any forms or nuthin'. If I ignore it or click on the "remove my name" link, it'll only get worse, but if I have them turn the filters back on, I'll miss some emails that I'd really rather not, and I don't want to have to tell my ISP every time when an email address is legitimate.
<sigh>
Seems like it's just an uphill battle. Perhaps it's time to buy off the senate -- I mean, "lobby"?

Re:Bullcrap

[Analysis+Paralysis]

I receive quite a bit of spam. I'll grant you that it does take a bit of dealing with everytime I fire up my mailbox, both at home and at work, it certainly doesn't have an appreciable effect on my schedule.

That seems a bit of a contradiction - saying it takes time but doesn't affect your schedule. Even so, how about if you received 1,000 spams a day? 1,000 an hour? See the problem? Also many spams are fraudulent ("herbal viagra", pump-and-dump stock scams, phishing emails purpoting to be a bank security check) which cost the unwary money - or offensive (fancy having children receive a link to a beastiality website?).

I don't understand how you think this criticism applies to allowing spam but not to blocking spam. It's pretty clear that it happens whether you allow spam or attempt to block it in the way that's being discussed.

Deleting stuff manually means more chance of a finger-slip trashing a real message than having email from known "spam havens" blocked.

How is this the case?

Your ISP has to spend money on faster links and mail servers with larger disks and faster processors to deal with the 50%-80% of email traffic that is unwanted. This will be reflected in the charges they levy on you for access.

Superfast Satellite Connections?

But spammers had better not relax. With superfast satellite connections, he plans to hunt them down from the high seas.

Where can I sign up for these superfast satellite connections? :P

We've got all the laws we need

[jmv]

I really believe that we currently have all (well mostly) the laws we need to stop spammers, if only they were enforced. Even if SPAM is still not illegal in most places. What most spammers do is illegal. Instead of fining a spammer for sending Nigerian scams, jail him for fraud. Instead of fining a viagra spammer, jail him for cracking in other people's computers in order to send the spam. Much more effective I think. Why go for "minor" civil offense when the spammer is actually guity of a criminal offense. I know not all spammers commit crimes, many do.

Actually, you don't

[simong]

You get email from someone pretending to be Spamhaus in order to discredit them.

spammers will only slit their own throats.

[Indy1]

Qoute

"Mr. Linford said he believed that spammers could be contained, if not eliminated. A tough new anti-spam law in Europe will help, he said. The proposed Can-Spam act in the United States, he said, is not tough enough, but he figures that when it fails to work, Congress will have to make a stronger law. But Mr. Linford gloomily predicts that spammers will simply move more of their operations to Asia and Latin America."

Fine, let the spammers move their servers to asia and latin america. I've already banned so much of
LACNIC and APNIC ip ranges (excluding the known .nz and .au ranges) that i doubt i'd see any spam from these regions in the future.

Re:spammers will only slit their own throats.

Agreed. Force spammers out of countries I don't need to communicate with, then fence them off in the third world and wait for those countries to get their act together.

Re:spammers will only slit their own throats.

[Fluffie]

In your own pissant little way, I am quite happy for you to filter out the entire of APNIC space. Nothing you have to say could possibly be of interest to me. (I like how you unblock NZ and OZ, but not SG where they also speak English, I guess that means you are american.)

Now, if the US in toto were to block APNIC space, people might notice, but not you. It works for you because you are insignificant.

Just a matter of time until we get secure email...

[Kulic]

I'm not saying that it will happen anytime soon, but I honestly can't see guys like this stopping spammers as a whole any time soon.

I don't get a lot of spam, mainly because I don't post my email address all over the internet, but I would love to use a secure (PGP or other) email client. Sure, I could set one up now, but how many of my friends/colleagues will also be using it? Not many at all.

Computers are supposed to be tools used to enhance our productivity. Sadly they quite often do the opposite, mainly due to things like spam. I doubt that any progress will be made in fighting spam until Microsoft/Apple include authentication options in their default mail applications.

Re:epitome of laziness

[ctr2sprt]

I get about 180 spam mails a day. Now I can get Mozilla to block all but 2 or 3 of those... but it also classifies every NON-spam message I get as spam. So I have to weaken the filters, and now about 20-30 messages a day get through. And unfortunately that's still over my limit of how much I can effectively filter mentally. As much as I stress to people that any emails they send me with generic subject lines (like "Hello" or "Last night") are going to get thrown in the trash by accident, they still do it. And I still space out when manually filtering out spam and delete their messages.

It still only qualifies as an annoyance because I seldom do anything important over email. But the reason I don't do anything important over email is because I know spam makes it unreliable. Bit of a Catch 22 there. Seems like the reason spam is an annoyance and not a serious issue is that it's increasing fairly gradually. If there were this much spam back in '95, there'd be riots. (Among the nerds, which I guess means lots of really heated USENET posts about how Captain Kirk is so much better than Captain Picard.)

This doesn't seem to be helping...

[DeionXxX]

I don't know about everyone else but lately I've been trying to find work and I have come across atleast 4 opportunities to make 1.5 times my normal rate if I do some development related to spam. Each time I've interviewed I've told the employer that spam was a bad way to go and that it'd be illegal soon etc... but it seems like they've all had past experiences where spam has been highly profitable.

-- D3X

My latest endeavour... truly free porn www.NeoX3.com 5 mins movies supported by only a 15 sec commercial. No-popups or membership or catches.

Re:This doesn't seem to be helping...

[Ryokos_boytoy]

We (the dev firm I work for) was approached to do spamming. I went apeshit and said I would quit and report it to the FCC but they were offering real money and my bosses were tempted. So I turned off the blacklists and let them swim in spam a few days till they came to their senses. When he had 100+ spams everyday, he saw the light.

Re:This doesn't seem to be helping...

When I interview people, I'm very much interested in their past work. If they've ever done something that I feel is really wrong, I won't hire them, and I won't necessarily tell them the reason because there's nothing that they could change or do about it at that point.

Spamming and working for spammers is really wrong.

Re:This doesn't seem to be helping...

[Zebbers]

you're in the porn business

of course the people you work for spam

Re:This doesn't seem to be helping...

[moexu]

I'm really glad you took the ethical high road in refusing work for spammers.

How's the porn business?

Re:This doesn't seem to be helping...

[aurelian]

actually I think porn probably is higher up the ethical ladder than spam...

well, apart from the really dodgy stuff.

Re:This doesn't seem to be helping...

[DeionXxX]

Hah strangely I joined up with this company because they WEREN'T spamming. There are no pop-ups on the site, there are very few ads. What we offer is unlike anything else on the web. We offer 5 minute long clips supported by only 15 sec of commercial and a banner!

The companies that wanted to spam were in SEO and selling Tickets.

--D3X

Re:This doesn't seem to be helping...

[DeionXxX]

Hah strangely I joined up with this company because they WEREN'T spamming. There are no pop-ups on the site, there are very few ads. What we offer is unlike anything else on the web. We offer 5 minute long clips supported by only 15 sec of commercial and a banner!

There's nothing wrong with porn. We're not annoying anyone or using anyone's bandwidth unfairly. We don't have popups or any crap like that. We just offer lots and lots of 5min movies for free.

-- D3X

www.NeoX3.com , The One site you'll ever need for XXX...

Re:This doesn't seem to be helping...

PLEASE PLEASE - Using slashdot to promote (or make aware of) spam sites is VERY distasteful....

Re:This doesn't seem to be helping...

[DeionXxX]

Wtf did you not read the fact that there is no SPAM on the site and we don't spam. I only promote it because I built it and am proud of it. It's truly a new idea. People post links to what they do all the time like the autopr0n guy.

The end of spam

[heironymouscoward]

I'm surprised no-one has thought through the logical conclusions of where we're going with spam.

Spam filters work only for those able to configure them. For the vast majority of Internet users, they are just a dream.

Spam blacklists are unsustainable in a world where most net connections come across DHCP, and most spam is/will be sent from owned home computers.

Spam merchants will continue to harness the 'dark side of the force', paying crackes and virus writers to create the networks of owned machines they need to operate from... ... since there is nothing serious happening against any of these directions, the conclusion seems unavoidable. What I'd like to say is that
the Net will split into two halves, an "infected" and a "clean" part, and every single transaction from the infected part will be treated with scrutiny and suspicion.

But this is impossible too.

Conclusion: the purity of the net is a thing of the past. We will come to understand that traffic is bad until demonstrated good. Emails will be 99.999% junk, virus, and trojan, and the art will come not from filtering out this junk but from detecting the signal within the noise.

Clearly, whitelists are part of the solution but they are limited since you can't form a network of whitelists, it's a one-to-one solution that does not scale.

I see only one solution that is scalable. Data clearing houses. You register with me, I'll vouch for all your data, and pass it on to those who need it, along with my signature. A trust network, if you like.

Data clearing houses will rate each other, creating a system of moderation in which data is never guaranteed good, but at least you get a measurable index of confidence.

Re:The end of spam

[__aavhli5779]

I just wanted to say I think you have the right idea, and there are definitely movements in this direction.

Re:The end of spam

[djmurdoch]

Spam filters work only for those able to configure them. For the vast majority of Internet users, they are just a dream.

I think the vast majority of Internet users already use filters, but they are configured by the user's ISP, not by the user.

Spam blacklists are unsustainable in a world where most net connections come across DHCP, and most spam is/will be sent from owned home computers.

Updates of the dial-up list will stop this. Don't accept incoming email connections from machines using DHCP. It's hard on people who set up their own SMTP servers because their ISPs can't cope (e.g. sympatico.ca), but there are workarounds.

Re:The end of spam

[McDutchie]

Ah, here is another one who has found the Final Ultimate Solution to the Spam Problem.

Re:The end of spam

I prefer the method that Bill Gates proposes in his book, The Road Ahead.

Sending an email to someone carries a small nominal cost, that money going to the recipient. In normal cases, the recipient will be able, after reading the email, to choose to refund the money, and that's that. If the email turned out to be a spam, you won't refund the money, and spammers won't want to email you (and in general spamming won't occur so much) because spammers would be wasting their money and the practice would become unprofitable.

Re:The end of spam

[dipipanone]

I prefer the method that Bill Gates proposes in his book, The Road Ahead.

Uh-oh. I suspect that any method Bill Gates proposes regarding the internet is bound to suck.

Sending an email to someone carries a small nominal cost, that money going to the recipient.

And who administers these billions of micropayments, shuffling around the planet every day? Let me guess....

Wouldn't be Microsoft, by any chance?

I almost think I'd prefer the spam...

Re:The end of spam

Let face it, the number of machines that can send mail vastly outnumbers the number of machines that should. I think whitelists are definately the way to go. But central whitelists managed by the domain registrars much the same way as the root DNS. When you register a domain you'd register your outgoing mail servers too. That way just having control of a machine doesn't give you the automatic right or ability to connect to anyone else's mail server. Home ADSL/Broadband machines would never get onto the whitelist.

ISPs could register their mail relays used by their customers and throttle down or disable SMTP connections from spammers.

If anyone abused the system they'd be kicked of the whitelist and suddenly nobody would listen to them. That's a great incentive to fix your insecure mail server or exclude a spammer.

Spam Hating SysAdmin

Re:The end of spam

[Ed+Avis]

You can use Hash Cash where the 'payment' is in a small amount of CPU time burned by the sender. So no central authority is needed.

Re:The end of spam

[Nintendork]

While I agree with you that the only viable solution is a system where email is guilty until proven innocent, I don't believe that a "Data clearinghouse" is the answer. That idea is roughly the same thing as using digital signatures. If we take that route, spammers could buy one of them under a front business name for a total cost of $100 or so. They move quickly and pump out as much spam as possible until their certificate gets revoked. It'll make a dent in their bottom line, but everyone else also takes a hit because we now have to buy personal certificates.

-Lucas

Re:The end of spam

Thanks, that's hilarious..

Re:The end of spam

[taustin]

Spam blacklists are unsustainable in a world where most net connections come across DHCP, and most spam is/will be sent from owned home computers.

That was a problem solved several years ago. Many ISPs simply block any and all DCHP addresses that they can identify, and many specifically list their DHCP addresses with some of the block lists to make it easier.

This is because nearly all email from DCHP addresses is, in fact, spam, and most of the rest is from someone violating their AUP in the first place, running a server on a consumer account.

Don't give up your day job.

Re:The end of spam

[brassman]

Clearly, whitelists are part of the solution but they are limited since you can't form a network of whitelists, it's a one-to-one solution that does not scale.

Are you sure?

this didn't happen by accident

[RMH101]

your ISP or their upstream is spam-friendly and RFC ignorant. they've repeatedly ignored LARTS for spam, and this is the price they pay. Your mail is only blocked by ISPs who've voluntarily signed up with SPEWS/Spamhaus because it works for them. The idea is you and all the other guys it's pissed off will complain/take your business elsewhere and the ISP will be encouraged to behave responsibly. They've already ignored warnings, hence the voluntary block.

Re:this didn't happen by accident

[Tim+C]

your ISP or their upstream is spam-friendly and... this is the price they pay.

But they're not paying the price, the OP is.

The idea is you and all the other guys it's pissed off will complain/take your business elsewhere and the ISP will be encouraged to behave responsibly.

But what if there isn't anywhere else to take their business to? Perhaps they recently entered into a long-period contract, or there simply aren't any other providers that they can use (particularly possible if it's the upstream that's been blocked).

What are they supposed to do then, shrug their shoulders and say "Oh well, at least it's for the greater good"?

Don't get me wrong, I'm by no means spam-friendly, and I do support efforts to tackle it. I just think that some of those efforts are a little too wide-reaching. By all means block IPs, but specific ones, not whole ranges; it's not fair on the innocent bystanders that inevitably get caught in the crossfire.

Re:this didn't happen by accident

[_Sprocket_]

Don't get me wrong, I'm by no means spam-friendly, and I do support efforts to tackle it. I just think that some of those efforts are a little too wide-reaching. By all means block IPs, but specific ones, not whole ranges; it's not fair on the innocent bystanders that inevitably get caught in the crossfire.

Sure. Sounds great. Now - what do you do when the ISP in question just bumps the offending spammer to a new block of IPs? Or how about that one fast-burner marketing type at the ISP who's discovered that he can really pack his quota by tapping in to this market of "email-advertisers"? Do we all get another xK pieces of spam while everyone plays another round of whack-a-mole/spammer?

Re:this didn't happen by accident

The solution is to use an email provider that doesn't subscribe to spamhaus or other services, that way you won't be subjected to email outages. This doesn't solve the problems of folks you email _to_ not getting your email, but if those folks don't have good connectivity, theres not much you can do.

Re:this didn't happen by accident

[Dimensio]

But they're not paying the price, the OP is.

Forgive me for not caring. The ISP is supporting criminal activity by hosting spammers. As such, there's no reason for me to want traffic from that ISP. If the OP wants his mail to get through, then he should find an IP address not owned by a bunch of sleazebags who openly support and encourage criminal activity.

By all means block IPs, but specific ones, not whole ranges

That has been tried. It failed. The spam-friendly ISPs just moved their spammers around to new IP addresses and moved non-spamming customers into the blocked ones. At least by blocking the entire ISP, the "innocents" hit can't complain that they're being unfairly branded as spammers (well, they do, but that's because they don't RTFF).

Re:this didn't happen by accident

[mwood]

Hmmm, isn't there some sort of law to deal with someone who offers a service, collects the fee, then runs the service in such a way as to make it worth substantially less than the customer was led to believe? That is, couldn't there be legal means of breaking a contract with an ISP that operates in a manner that devalues its own services?

Or maybe there's something to address the act of knowingly harboring a public nuisance actually created by another party? Humph, there's at least one law permitting a passenger in a private auto to be fined for "allowing a violation" by the driver, so isn't there some slightly less jaw-dropping application of this theory?

Re:this didn't happen by accident

[Dimensio]

That is, couldn't there be legal means of breaking a contract with an ISP that operates in a manner that devalues its own services?

It has been suggested by anti-spam groups, but many people who find themselves on spam-friendly ISPs prefer whining about it rather than being proactive. Apparently it's not their fault and it's not the fault of the ISP for hosting spammers, it's the fault of people who don't want to accept traffic from spam-friendly ISPs.

Re:this didn't happen by accident

[_Sprocket_]

The solution is to use an email provider that doesn't subscribe to spamhaus or other services, that way you won't be subjected to email outages. This doesn't solve the problems of folks you email _to_ not getting your email, but if those folks don't have good connectivity, theres not much you can do.

So you're saying your solution to handling ISPs that provide connectivity to spammers is to move to ISPs that do not block spam. Interesting.

How long have you been working in the spam industry?

Re:first

[Rasta+Prefect]

I get spam emails from this company, telling me to use their software to eradicate spam .. Pot calling the kettle black?

Try looking up Joe Job.

Re:epitome of laziness

[Halo1]

Our university had two install 2 new mailservers just to be able to run all incoming mail through spamassassin. Do you think the spammers paid for that "small annoyance"?

Using SBL from command line?

[steveha]

Can anyone tell me how to query the Spamhaus block list (SBL) from a Linux command line? I tried to use the "dig" utility to do this ("dig @sbl.spamhaus.org suspectedspammer.com any") but it doesn't work.

I read the "how to use SBL page" (here) and I understand that I can set my MTA to use it to block spam. But I'd like to test it out a bit before putting it into production, and ideally I'd like to be able to use this in scripts.

steveha

Re:Using SBL from command line?

[Zocalo]

Supposed you have a suspect IP, "A.B.C.D". You start by reversing the octets: "D.C.B.A", then perform an A lookup, not a PTR, against the host "D.C.B.A.sbl.spamhaus.org". If it returns 127.0.0.2, then you have a win^H^H^H loser! To perform a check against other DNSBL providers, simply replace the "sbl.spamhaus.org" with the appropriate host, for example "bl.spamcop.org".

Also, note that you do not have to query directly against the DNSBL DNS server because it's just another host in the DNS heirarchy.

Re:Using SBL from command line?

The above is good, but try using a TXT lookup instead. Thats "dig D.C.B.A.sbl.spamhaus.org TXT".

For example, let's say our spammer of the day (We'll call him 'Drew Auman', because that's his real name) is spamming his domain "kingherbal.biz" with an IP address 203.197.204.86.

[root@localhost] # dig 86.204.197.203.sbl.spamhaus.org TXT

; > DiG 8.3 > 86.204.197.203.sbl.spamhaus.org TXT
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 15
;; QUERY SECTION:
;; 86.204.197.203.sbl.spamhaus.org, type = TXT, class = IN

;; ANSWER SECTION:
86.204.197.203.sbl.spamhaus.org. 2H IN TXT "A href ="http://www.spamhaus.org/SBL/sbl.lasso?query=SBL1 0886"

Re:Using SBL from command line?

[schon]

Even better is an ANY lookup (and use host instead of dig)..

Here's a quick bash script to do a lookup in various blacklists:

#!/bin/sh

doms="sbl.spamhaus.org
dnsbl.njabl.o rg
blackholes.easynet.nl
sbl.spamhaus.org
cbl.a buseat.org
dnsbl.sorbs.net
opm.blitzed.org"

i f [ "x$1" = "x" ]; then
echo "Usage: $0 [ipaddress]"
exit
else
n=`echo $1 |awk -F. '{print $4"."$3"."$2"."$1}'`
for j in ${doms}; do
host ${n}.${j}
done
fi

Re:Using SBL from command line?

[Tony+Hoyle]

rblcheck:

tmh@sisko:~$ rblcheck 192.168.1.4
192.168.1.4 not RBL filtered by cbl.abuseat.org
192.168.1.4 not RBL filtered by list.dsbl.org
192.168.1.4 not RBL filtered by blackholes.easynet.nl
192.168.1.4 not RBL filtered by dynablock.easynet.nl
192.168.1.4 not RBL filtered by dnsbl.njabl.org
192.168.1.4 not RBL filtered by sbl.spamhaus.org
192.168.1.4 not RBL filtered by l1.spews.dnsbl.sorbs.net

Re:Using SBL from command line?

[cpghost]

Okay, with a working rblcheck?, a return code != 0 means that the address is filtered. Very good!

Re:Using SBL from command line?

[cpghost]

Thanks for this hint. With rblcheck, it works like a charm.

However, another problem occurs with fetchmail. When fetchmail downloads from a POP3 server, it drops the mails into local sendmail. Enabling FEATURE dnsbl on this local sendmail doesn't help at all, because all that is checked is the IP address of the ISP pop3 server, not the address of the original spammer.

Any idea how to combine fetchmail, rblcheck and local sendmail in such a way as to redo the dnsbl check, now on _every_ IP/DNS address listed in the Received: headers?

Re:I'm worried about non-spam email being blocked

[supersam]

I quite agree that Yahoo! has a great system to filter out spam to the Bulk Mail folder. I've almost never had a spam mail delivered to my Yahoo! Inbox.

Using custom filters in Yahoo! hampers the spam filtering mechanism and spam does manage to elude the Bulk Mail folder and ends up in some other folder.

Attachments will not cause a mail to be filtered out. In your case, probably the person you sent the image used the whitelist feature in Hotmail and your mail id wasn't in it. Or perhaps a custom filter caused your mail (with attachment) to be delivered to the Junk Mail folder.

Spam filters, firewalls, pop-up blockers are not perfect. They cannot ever claim to be (unless of course you have tiny little people inside your computer filtering out spam or pop-ups). They work by casting their nets wide. We have to grant them some leeway. Always check before clearing your Junk/Bulk mail folders so that you don't miss some important mail that might have got caught in the net! And be regular in cleaning your junk/bulk mail folders or you'll have a huge list of mails to scan before you're sure that none of your regular mail gets deleted alongwith the spam.

Pay me...

[Cygnus78]

0.01 $ to get on my whitelist.

Which spammer has the energy ?

If you really want to mail me, you probably have the energy and the money, or if you really want I could pay you back :)

Bandwidth

[KMSelf]

Including viral mail in the definition of spam (and as unsolicited bulk email, it fits), it's not even a matter of paying for bandwidth. There are classes of service -- dialup, wireless, pager, etc., for which email simply becomes no longer useful.

At the peak of Swen, I was seeing, on a dialup account, 300+ MB of spam a day. That's over 20 hour download, just for mail, just to keep up. There are some POP filters and the like available, all are very approximate. Fortunately, I have alternatives (shell account on a broadband server).

Still, for Joe Average, basic Internet services are very nearly, if not already, unusable. p

SPF

[KMSelf]

SPF. Several proposals have been rolled up in this, under ASRG, including SPF, RMX, DMP, and related proprosals.

DNS servers is not the way to go.

[musicmaster]

There are times when people want to sent legitimate anonymous e-mails. I don't think that disabling that is the way to go. Besides that: most people look to the sender, not the e-mail address before they open an e-mail, so this will have limited value. And as you see: Spamhous has other ways to find out who did it. Another problem is that some addresses like Hotmail aren't bound to a provider (and DNS).

Instead I think it is better to work on the link between the hacked computer and the provider. Maybe your provider gives you a provider-specific program you have to install and that verifies that mail is sent the right way. Maybe in the future when your computer works as a spam relayer, the provider will send an e-mail: "Your computer has been found to relay spam, probably due to a virus or malicious software you have downloaded. Please remove the problem and notice us when this has been done. In the mean time your mail will be filtered. Only mail that contains the string 'ABC123' will be let through."

Re:DNS servers is not the way to go.

There are times when people want to sent legitimate anonymous e-mails.

Sorry, but you lost me on line one. What's an example of a time when a person would need to send a legitimate anonymous e-mail message? Death threats to politicians? Hate mail to your ex-girlfriend? I'm amazed people feel they deserve anonymity on the Internet. This isn't your own little private playground built by others for your own amusement. It's a communications network that must be used responsibly by ethical people or you get into the mess we're in currently with spam, fraud, porn flooding the net. It's a society, and societies demand that we obey the rules and be held accountable for our actions.

Re:DNS servers is not the way to go.

[musicmaster]

Well start thinking about things anonymous phonecalls are used for: tips to the police, tips to newspapers, situations where your personal e-mail is irrelevant because you send the mail on behalf of some organisation.

Think too about how many people have their phonenumber shielded so that no one can see it.

And last but not least: posting this as an Anonymous Coward doesn't add to your credibility on this subject;-)

Re:DNS servers is not the way to go.

[MCZapf]

Well start thinking about things anonymous phonecalls are used for...

If I were collecting anonymous tips or whatnot, I would set up a webform and encourage people to submit their tips from public access terminals (say, at a library). No need to rely on anonymous email. Most people probably don't know how to send a truly anonymous email anyway.

Re:DNS servers is not the way to go.

[BrokenHalo]

And last but not least: posting this as an Anonymous Coward doesn't add to your credibility on this subject;-)

Personally, I am beginning to doubt the wisdom of permitting AC posts on Slashdot at all. The incidence of trolls on this forum is getting to the point where I believe that more value would be gained if posts were only accepted from logged-in posters.

This wouldn't cut down the number of junk accounts, but it would slow down the crapflood.

Re:DNS servers is not the way to go.

[Zeriel]

You're a troll, I'm sure, but...

• Blowing the whistle on unethical practices by your employer or your local government or law enforcement.
  
• Reporting on conditions, organizing, or just speaking your mind from inside a country with a repressive government.
  

That's just off the top of my head, and both are incredibly good reasons.

Re:epitome of laziness

[welsh+git]

> I think spam is not that big of a deal. It's just a small annoyance
> that can be deleted in less than 3 clicks.

I run my own server, and mailhost for a number of friends and family.

In total, the server receives approx 10,000 spams a day which is not at all reasonable.

Secondly, because of 'porn spam' my young niece can't have her own email address.

Thirdly, lots of spam in a mailbox can sometimes make you miss important emails if you just delete them quickly.

Finally, no-clicks at all... GUI mailers are too slow :-)

Re:The Negro Enigma

That's not very nice. I think you should apologise.

Re:Just a matter of time until we get secure email

[Analysis+Paralysis]

What Spamhaus does that is different in that they provide information on the worst spammers on their ROKSO list - including names, addresses and phone numbers where known. For some reason, spammers do not like being "outed" (I wonder why?) and this has, in one case, caused a spammer to cease business.

I doubt that any progress will be made in fighting spam until Microsoft/Apple include authentication options in their default mail applications.

Unfortunately, authentication is unlikely to do much to stop spam unless people use it with a personal whitelist of permitted senders. It is currently straightforward to track a spam email (SpamCop can do this if you paste the email in with full header information) but nowadays it typically comes from a cable/DSL user whose machine has been hijacked.

Interesting

[securitas]

* 2003-11-09 08:06:52 NYT Profiles Steve Linford & Spamhaus Project (articles,spam)

The New York Times Technology's Saul Hansell profiles Spamhaus Project founder Steve Linford, everyone's favorite houseboat-dwelling, anti-spam activist (Google). The longish article also neatly describes the history, issues and new directions spam is taking, and the tactics that spammers are using to limit Spamhaus's effectiveness. Linford is quoted as saying, 'E-mail is the most incredible communication vehicle invented, and it is on the verge of being made useless.' Let's hope he's wrong.

No complaints, just odd. Must be the X-Men bit.

Re:The guy is a nut

[ag0ny]

Break the Internet? Something tells me that you don't know very well what you're talking about. Spamhaus (or ORDB or any other black list service) cannot block anything if you (or your ISP) don't want anything blocked.

It's the email server's administrator choice to use such a blacklist or not. In other words: if you're running an email server, you can choose whether you want to block these IPs or not.

You could argue that you're a customer of an ISP that's using Spamhaus or ORDB to block spam and you cannot do anything about that. And I would agree with you on that: you should have the choice to use the blacklists on your email account(s) or not. But that, from the system administrator's point of view, is not a simple task, as of now.

Re:epitome of laziness

[anaplasmosis]

You're an idiot. I get 6 or 7 *hundred* spams a day and 1 or 2 hams. If I was deleting this stuff manually, it would take hours a day. I cannot recommend ASSP strongly enough; http://assp.sourceforge.net

Attempted slander against anti-spam services also

Look what I got yesterday (with forged headers):

---- quote --------------
Dear Internet user.

We are an organization dedicated to stopping spam. Please help us as we are
funded solely by private donations.

visit www.spamcop.net for full details. Or you can send your donations to:

Julian Haight
PO Box 25732
Seattle, WA
98125-1232

As you can see by this message unsolicited e-mail is an invasion of your
privacy. As you can also see it can be sent anonymously

We will continue our efforts until all spam is eliminated.

To join please visit www.spamcop.net or contact
jkdom@mail.julianhaight.com

We will continue to send out this message until we convince all ISP's to
stop all spammers.

!!!Stop low-lifes from invading your inbox with their junk!!!
---- end quote ------------

If they spew out fake spam which can only be meant for slanderous purposes, would you really expect them to *not* be in the virus game. Almost all these Windows viruses, if you hexdump them, have smtp capability. It's quite thinkable that a fair amount of them are really experiments rather than 'bad things done to innocent users because the virus writer likes doing that'.

There must be a lot of money involved in the art of spamming still. I wouldn't be surprised if spamhauses are partially means of laundering money as well (think about it). Either way, these people *are* criminals and one should consider them as such.

Re:The Negro Enigma

That is a very interesting theory. I've thought of this: If I am a Creation of Fyodor's Thought, then Fyodor and I are the Same Person.

Privacy Policies

[Likes+Microsoft]

Read privacy policies. Keep a spam magnet e-mail address for those web sites that have poor or nonexistent policies.

I read the privacy policy of any website before providing them with my e-mail address. If it looks at all like they might give it to third parties for advertising purposes, or post it on a website in the clear, or put me on lists where it's not clear I can opt out at any time, then I don't give it. If I must, then I give them my old Yahoo e-mail address, which already gets 20-1 spam, because I wasn't careful with it.

I began this policy 5 months ago, when I finished my degree, and since then I have only received the occasional (1/week or so) "Herbal Viagra" ad. The moment I stopped using my university account (not careful with it, same as the Yahoo account), my "spam count" dropped through the floor.

A month before, I had started using Popfile to filter spam. I still use it, but mostly just to pre-sort my e-mail into different priority folders.

education of the people buying the stuff

[martin]

The problem isn't so much the spammers, it's the people buying from them.

If people didn't buy the spammers wouldn't have a market and would go away.

The issue is to educate the general internet populus that are are merely encouring the spam by purchasing from the advertisers.

Re:education of the people buying the stuff

[aurelian]

The issue is to educate the general internet populus that are are merely encouring the spam by purchasing from the advertisers.

for some reason I read that as 'eradicate' rather than educate.. and what's more it seemed reasonable!

Re:education of the people buying the stuff

People buying from the spammers include not just the people buying the products, but the people who pay spammers to spam.

Often the people who pay someone like Ralsky a few K to spam don't get their money back. We know from a few published stories that sometimes spam projects do make money, but a spammer has no problem swearing to a dumb ass somewhere that he has a 2 billion completely legal opt-in list, collecting a few K for the operation, spamming, and then when the guy gets less in sales when than what he paid for in the spamming, the spammer will just tell him he needs to adjust his pitch and try again.

This is true of the legitimate advertising industry also. Much of the advertising you are presented with every day doesn't make economic sense for the person paying. Who makes money no matter ? The billboard owner, the sign maker, the printer, the newspaper, or the spammer and his ISP.

I few months ago I received a string of about 4 or 8 spams over the course of a month, all in poor english, along the lines "I have a heavy guage sheet metal stamping factory in Shanghai, I would like to do business with the United States, please contact me if you are interested." I can visulize the rip-off artist who went to all these desparate, uninformed Chinese small businessman, and convinced them to hand over cash to send out those emails.

I believe the economic structure of what pays for some of the spam is very similar to what pays for the "1500 to 3000/wk ft/pt" herbalife "street spam" plastic signs. The victim who is actually funding the entire industry is the actually the guy putting up the signs.

Re:These guys block pretty large blocks. NOT

[BC+Guy]

No, spanhaus was not blocking your eMail. spamhaus doesn't block anyone's eMail. They list offenders. Individual people decide to block. If your preferred isp gets listed for bad behaviour and are unable to provide you the service for which you contracted, you should take it up with your isp.

And you readily admit that your isp was supporting & hosting spammers?!? Was this a troll? If your housing association or your employer starts dumping raw sewage into the local nature preserve, you should expect that your friends and associates will stop dealing with you.

B

Re:These guys block pretty large blocks. NOT

Guns don't kill people:

High velocity bullets kill people!

+5, Informative

nt

Re:The guy is a nut

[PReDiToR]

What you say is great, but as soon as you set up your own email server to get around blocks like this, some TWAT like AOL comes along and decides that anyone that uses their own email server, from their own home is a spammer and is auto-blocked.

I have been running my own email server for years, and now if I want to send email to AOL users I have to route it through my ISP which negates the privacy aspect of having my own server.

One of the Good Guys

[Kurt+Wall]

It's a pleasure to read an article about one of the good guys, for a change, instead of the profiles of unapologetic spammers.

A couple of interesting links, "alleged" spammers:

Do a whois on spamhaussucks.com

I've been getting spam that are originating from a domain that are using nameservers called

ns1.spamhaussucks.com and

ns2.spamhaussucks.com

Can the guy get any more blatent or confrotational than that?

And here's another interesting link, on how the poor rights of the spammers are being trampled on, and what to do about it.

Give the poor guys a break, will ya?

Re:Just a matter of time until we get secure email

Blech - you don't need to post your address to get spam. Go and register a domain name - you'll get tons of spam to random addresses in your domain.

Spammers are not interested in anybody actually reading the shit. They are simply blasting it out since they signed a contract with a naive business owner to send a gazillion spams - so they do that - and they don't care whether the addresses are real or bogus...

The result is that every domain owner gets a shitload in his inbox clogging up his mail system and the naive business owner that contracted the spam is poorer and has a mailbox full of death threats...

Re:epitome of laziness

3 clicks huh? Now try deleting 300 spams and 100 viruses each day, in order to read your 5 or so real messages... SPammers should be drawn and quartered.

Re:These guys block pretty large blocks. NOT

the think to do is to not use email providers serviced by spamhaus or other offenders that are too quick to block netblocks.

The domains that get blocked are of course favored by spammers, but additionally, they most likely won't use spamhaus or other listing services, so email _to_ you won't be blocked. Its true that the folks you mail _to_ might not get your email, but thats their choice to use a restrictive isp, so not much you can do there.

You give spammers too much credit...

[Dimensio]

...they wouldn't bother checking against the "do not spam" list. Spammers are, by nature, sociopaths with absolutely no regard for the law. Further, they tend to define "spamming" as anything other than that which they do.

The only sure-fire solution to the spam problem is brutally and publically torturing spammers to death.

Re:You give spammers too much credit...

[Phroggy]

You misunderstand. I meant, they would check the Do Not Spam list to get a list of valid e-mail addresses (if somebody bothered to list them, they must be valid), then sell that list to other spammers as a confirmed opt-in spam list.

Re:You give spammers too much credit...

[Dimensio]

Ah, yes, sorry. You're absolutely right, they would do that.

NOT a chance

[Craig3010]

I heard he had one of

these puppies on board...

Re:NOT a chance

Yes, that and permission from the Brit government to surround the houseboat with a scuba-diver deterent:

"Sharks with frikking lasers on their heads!"

Not digital signatures, but reputations

[heironymouscoward]

I was not suggesting a technological fix, but a social one.

Something like this... you can send data through my clearing house. I have a good reputation, let's say AAA, because I'm really strict about who I accept data from. In any period, you can't send more than 20% of the total you've ever sent, and if you abuse my reputation I'll cut you off.

Perhaps I'll ask you to place a financial deposit in case you misbehave.

Clearly, people will pay a premium to have their data sent through the most trusted clearing houses. Abusers will have to pay more, up front and in fees.

Digital signatures can be used to secure the communications between two parties who enter into such an agreement, but they do not create a balanced system in themselves.

This model is actually nice. Perhaps I'll patent it. :)

Re:Not digital signatures, but reputations

[Nintendork]

Not too bad. Good luck if you pursue it.

-Lucas

!~ not =~.

"you can bet somebody would write a script to randomly generate billions of e-mail addresses, check every one of them against the Do Not Spam list, compile a list of every e-mail address that matches, and sell it as a list of confirmed opt-in e-mail addresses on CD-ROM for $500."

You mean doesn't match?

Or else you would just return a subset of the original do-not list.

It sucks, but...

[falsified]

People are going to have to stop using email. With the vast majority of internet users using some sort of instant messaging program, it's easy to get ahold of a person on the internet. In the instances that a more formal message must be sent, we can use radical new solutions such as the postal service. Fixing SMTP won't work, a new protocol won't work, banning spam won't work, a tax on email is uncollectible and WON'T WORK.

In an unrelated rant, my username is a normal English word and my domain is a popular email domain. I get five or ten spams a week. The solution? Completely fake information when I sign up for things. The New York Times knows me as Pablo Rodriguez from River Forest, Illinois. My email for them is hotsexy69696969696969@hotmail.com. I suggest you all do the same.

Re:It sucks, but...

[chromatic]

With the vast majority of internet users using some sort of instant messaging program

Do you have a source for this? I'm interested in seeing some statistics. Thanks!

Re:It sucks, but...

[torgosan]

Earth to Pablo...I don't know your circumstances but suffice it to say that, from your post, you're enjoying some separation from reality.

Stop using email? Are you serious? Try selling that idea to the many folks who rely daily on email to accomplish whatever it is they wish to see completed. Business, academia, personal - you name it. And where do you get your stats that the "vast majority" of users use IM's? Not a flame-fest but your post reeks of being out-of-touch.

Re:It sucks, but...

I do better. I have given some places
uce@ftc.gov or root@localhost

Re:It sucks, but...

[falsified]

"Vast majority" may be too strong. I would say that the vast majority, however, does at the very least have access to instant messaging programs. And email is NOT necessary. A phone call (or IM) can do just as well. Let's not forget that the internet wasn't a part of the average American's life until about five or ten years ago. Survival and email are separable. I'm not calling for a definite end to email, but come on. With the amount of spam email approaching 80% and showing definite signs of increasing, the email infrastructure is going to implode. When spam constitutes 98% of all email and finds a way (which WILL HAPPEN) to dodge filters, do you really think that people will rely on email as much as they do now? I hope not. We will at the very least see a movement toward a closed architecture, where some authority will be able to choose who's a member and who isn't. (Much like IM systems.) Either that or whitelisting will be the de facto standard.

In any case, open electronic mail is probably on its way out unless it can somehow become a Rule of the Internet (when has that ever happened?) that an SMTP server must be responsible for all its users before POP servers will accept its messages.

And let's not forget that filters simply dictate when you have to dig through spam, not whether you will have to dig through spam. The prospect of a false positive, especially when it comes to serious business matters, keep us looking through those spam folders. Something big is going to have to change if living with spam is not an option. (Again, in my parent post I argue that spam easily can be reduced to almost nothing.)

Re:It sucks, but...

I can give you statistics... My system can generate a "honeypot" or Throw-away Email address everytime I pop up a compose page. This is entered into a database. I would opt out using my REAL public Email, but also opt out using my throw away one, and in a few days, I can start seeing spam come into these addresses.

When I do, I lookup the address in the database, and can not only get back to the original spam message, but also who I opted out to (but usually they are already shut down), so we go one step further. Since we have the original spam, we also can extract additional info on them, and usually SpamHaus would then provide us all the info we need to sue them, but (sigh) few attorneys are willing to take on these cases on Contingency, no matter how deep the spammer's pockets are.

I'm currently in litigation with a spammer who has done this, dispite the fact that I can PROVE they were doing it, and yet I could not find an attorney to take on the case on Contingency.

you got trolled

[SethJohnson]

This is an obvious troll. You bit.

Re:first

[dspeyer]

And I get Windows viruses promising to make me immune to Windows viruses!

Which I already am, of course

The coming California spam law

[Animats]

On January 1, California's new anti-spam law goes into effect. This has several key features. First, the default penalty for spamming is $1000 per spam. Second, anyone can sue, including in small claims court. Third, you can sue the "beneficiary" of the spam, the business being advertised.

This should result in a tide of small suits against big companies. Any company that has some presence in California can be sued easily. Suing out-of-state companies may be possible; it's a "long-arm" statute.

Our local small claims court is putting in electronic filing. It may be possible to automate much of the process.

X-Men?

[dacarr]

I hope to God that this doesn't mean the volunteers run around wearing brightly colored spandex.

Re:X-Men?

No, you should "hope to God" you never see a spammer running around wearing this!!!: [warning] image of Spamhaus.org listed spammer Bob Galena and wife [warning]

General Proposal for "Spam Sinkholes"

[startleman]

I'm not too well versed in the technical intricacies of email routing, however, it would seem to me that an effective way to curb spam would be to form "spam sinkholes." This could be done by implementing a filtering system into all mail servers that use a "bayesian" produced list available from a central authority, that is trained by hundreds, if not thousands or millions of people. For example, a client could be installed on people's machines, (e.g. spambayes or something like it), and the list of words and their probabilities could be uploaded to a central authority. This would result in a list of words that a large proportion of the population considers spam-related. Due to the sheer number of people that could contribute to this list, it would likely be quite accurate in assigning an appropriate "spam probability." Furthermore, this list could be moderated by a group in order to avoid nasty people undermining the list. However, if enough people contributed to it this would probably not be needed simply due to the statistical probabilities associated with so many people assigning a value to a term. Thus, the mail servers could automatically download and update the list on a daily or weekly basis. When an email was received for routing, it could be scanned, and if it was scored with a high enough probability (99-100%), it could be "cast into the void," or at least delayed indefinitely, resulting in the spammer?s server eventually giving up. Most of the true spam I receive is rated at 99% to 100% by Bayesian filtering and I've never had a non-spam rated higher than 50%. This would likely stop most spam at the first server it encountered, and would dramatically decrease the amount of spam traffic.

Re:General Proposal for "Spam Sinkholes"

there are practical problems with using a corpus of ham and spam for hundreds of users.

Different people get different spam. When you combine more then one user, your spam/ham corpus is then "polluted" and your accuracy goes down the toilet, and you'll be getting more mis-classifications.

We use a 2 teir filtering system. First tier pulls out about 80 - 90% of the spam without Baysian filtering, using our own patented technique that also seems to catch the spammers who like to obfusgate their messages to "fool" the filters. Only 10% of those get through, and ONLY the plain text messages or HTML messages would get passed to the Baysian part.

Each user must have their OWN corpus, so the acccuracy is up to about 99% now.

Our first tier filtering is also setup so that as it classified something as spam, there is a 99.9% that it's actually spam, so it is highly unlikely that ham would ever get put into the "spam pot" as we like to call it.

Re:General Proposal for "Spam Sinkholes"

[Boccanegra]

The reason that Bayesian spam filtering works is because it is personalized. Different users get different kinds of legitimate, non-spam e-mail, and for that reason each person has a different set of values in a Bayesian filter. Centralizing a database using averages from many different clients makes Bayesian filtering several orders of magnitude less effective, not more as you seem to assume.

Re:Attempted slander against anti-spam services al

>There must be a lot of money involved in the art of spamming still.

More then you can possibly imagine dude... this is how the Sobig and other new virii are getting so sophisticated, because hackers and virus writers are getting paid top dollar to write this crap, and it's going to continue as long as all our programming jobs are going to India.

Dynablocks - Re:The end of spam

[mousse-man]

So far, instead of using SPEWS, one can also use DBSBLs that block dynamic IP addresses, which works very well. This at least forces spammers to use SMTP relays, and together with ORBS, you can significantly reduce the amount of spam getting to your MTA.

However, using SPEWS usually sets a signal for some providers as well to clean up their shop.

Paris Hilton Porno Link

Looking for the Paris Hilton porno tape? Look no further than Freenet.

CHK@qGlSiCK3HPMx38fCuSPlo81ws2AMAwI,LRhfAE-DMDcs nr QhkXEiBw/parissexmovie_256k.wmv

(Remove the spaces that Ashdotslay inserted into the key)

Re:The guy is a nut

[ag0ny]

I have been running my own email server for years, and now if I want to send email to AOL users I have to route it through my ISP which negates the privacy aspect of having my own server.

Yes, that's right. These things happens. But whether we like AOL or not, they still own their servers and have the right to decide what email goes through their servers and what email doesn't. You could tell your friends about that, and let them decide whether they would like to move to other ISP or not.

The problem is choice.

Steve Linford's corrections to the article

[McDutchie]

Steve Linford has posted a couple of corrections to the article. The Usenet article follows:

From: Steve Linford <linford@spamhaus.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Spamhaus in the New York Times
Date: Mon, 10 Nov 2003 18:18:04 +0000
Organization: The Spamhaus Project
Message-ID: <linford-322705.18180310112003@news.supernews.com>
References: <rbnsqvsesdq5pq0jkqpl8o2mm65rjbj8qq@4ax.com> <7udtqvog72ndachspbeodnm07s5q1tla1r@4ax.com>
User -Agent: MT-NewsWatcher/3.3b1 (PPC Mac OS X)
X-Complaints-To: abuse@supernews.com
Lines: 70

In article <7udtqvog72ndachspbeodnm07s5q1tla1r@4ax.com> ,
shiksaa <shiksaa@spamhaus.org> wrote:

> On Sun, 09 Nov 2003 10:31:14 -0500, Tim Boyer <tim@denmantire.com>
> wrote:
>
> >Good article.
> >
> >http://www.nytimes.com/2003/11/09/business/yourmo ney/09spam.html?pagewanted=a
> >ll&position=
>
> No, it's not. Hansell left out many team members who contribue an
> awful lot. That pisses me off.

One thing Saul did say though is that he'd gathered too much info to fit
into one article. I too would have preferred much more focus on Spamhaus
as a team, as without it it comes off sounding like one guy on a boat.

A couple of things I'd like to correct here for the record are:

- "Mr. Linford's block list is faltering". It's not, the SBL is blocking
everything it is designed to block and so well that the spammers are
having to use highly illegal 3rd party exploits to get round it. I think
Saul may have not understood that the lists are not in competition with
each-other but each list is specialized in blocking one type of
spam-source; direct spam or 3rd Party exploit. The SBL specifically
blocks direct spam sources only and is not faltering in this, it's
holding a vital front line as spamming via 3rd Party exploits is illegal
and crackdowns by law enforcement are about to begin on spammers doing
it. So if spammers don't want to go to jail they have little choice but
to spam direct from their own IPs... which are on the SBL, hence the
dilemma facing spammers, hence the attacks on us and the other
spam-source list, SPEWS.

- The UK Government haven't "not" given us a grant (the article implies
they turned us down), I simply have not completed the formal request yet
as we've had too much going on here. There is also a written
recommendation from the All Party Parliamentary Internet Group for UK
Goverment (DTI) to fund Spamhaus. It's something I have to follow up on.

- On me personally, there are a couple of little bits that went a tad
pear-shaped... I don't mind at all coming over as an ex-hippy (I was),
but I didn't "play guitar in coffee shops" (well I did sometimes for
fun), I mostly spent my time in recording studios and was signed to an
Italian record label, hence I had a beach lifestyle on the proceeds,
later I was a concert production manager (the guy in charge) not a road
manager (the guy who gets the bottom bunk on the crew bus ;-) My first
company didn't 'flop', we simply changed the name sometime in 88-89 to
"Ultradesign" because it sounded nicer, and then shifted the emphasis to
Internet which didn't formerly exist. The last bit about plans to move
onto a yacht (cruiser) is basically correct, but that would be only my
personal computers (Spamhaus' main computers, like the team which we
can't operate without, are all over the place and would no doubt remain
in various datacenters), although that would not be in the Adriatic,
rather the Mediteranian, where I grew up.

- I would have liked to have seen the reader given a bit more
information on spammers quoted such as Scott Ri

Re:I'm worried about non-spam email being blocked

Re:I'm worried about non-spam email being blocked (Score:2, Informative)
by supersam - I quite agree that Yahoo! has a great system to filter out spam to the Bulk Mail folder. I've almost never had a spam mail delivered to my Yahoo! Inbox.

Yahoo has good spam filters? Geeze, someone better get on Yahoo and let me have more than the 100 spam limit list becuase my old account is at 117% usage and is ALL SPAM. I gave up deleting them. Let it take up space on Yahoo as far as I care. They limit me on who I can restrict, then let them have 7.02MB less HD space for their/someone else's use!