Slashdot Mirror
Spamhaus Guru Steve Linford Profiled
BenLev writes "The New York Times has an article profiling Spamhaus Project director Steve Linford. The feature goes behind the scenes at Spamhaus, 'one of the leading groups that is trying to make the world safe from junk e-mail', showing that it operates from Linford's houseboat on the Thames near London, spammers don't like him, and his volunteer corps likens itself to the X-Men."
Non-NYT site
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
1) That's 3 clicks per email * the rate at which you gets spams. It adds up after a while
2) There's always the chance of a type 2 error - you could lose (either through accidental blocking or unintetional deleteing) an important email.
3) You pay for the bandwidth that they waste, in the long run. They are simply shifting the price of getting in touch with you from themselves to you. In effect, they are calling you on your dime.
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
I like the idea of the do not spam registry that they mention in the article. But it seems like a real pipe dream considering how much trouble there has been getting the do-not-call registry up and running.
Compared to spammers, the sleaziest telemarketers are shining pillars of ethical perfection. Telemarketers will not abuse the Do Not Call list - if nothing else, than because they REALLY fear the FCC (and FTC or whoever winds up administering it). They run legitimate, legal businesses, and can't afford to run the risk of breaking the law.
Spammers, on the other hand, care not for such things. If there ever were a Do Not Spam list created, and it was done in such a way that the list itself would not be published, you can bet somebody would write a script to randomly generate billions of e-mail addresses, check every one of them against the Do Not Spam list, compile a list of every e-mail address that matches, and sell it as a list of confirmed opt-in e-mail addresses on CD-ROM for $500.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I don't know about everyone else but lately I've been trying to find work and I have come across atleast 4 opportunities to make 1.5 times my normal rate if I do some development related to spam. Each time I've interviewed I've told the employer that spam was a bad way to go and that it'd be illegal soon etc... but it seems like they've all had past experiences where spam has been highly profitable.
-- D3X
My latest endeavour... truly free porn www.NeoX3.com 5 mins movies supported by only a 15 sec commercial. No-popups or membership or catches.
I quite agree that Yahoo! has a great system to filter out spam to the Bulk Mail folder. I've almost never had a spam mail delivered to my Yahoo! Inbox.
Using custom filters in Yahoo! hampers the spam filtering mechanism and spam does manage to elude the Bulk Mail folder and ends up in some other folder.
Attachments will not cause a mail to be filtered out. In your case, probably the person you sent the image used the whitelist feature in Hotmail and your mail id wasn't in it. Or perhaps a custom filter caused your mail (with attachment) to be delivered to the Junk Mail folder.
Spam filters, firewalls, pop-up blockers are not perfect. They cannot ever claim to be (unless of course you have tiny little people inside your computer filtering out spam or pop-ups). They work by casting their nets wide. We have to grant them some leeway. Always check before clearing your Junk/Bulk mail folders so that you don't miss some important mail that might have got caught in the net! And be regular in cleaning your junk/bulk mail folders or you'll have a huge list of mails to scan before you're sure that none of your regular mail gets deleted alongwith the spam.
Also, note that you do not have to query directly against the DNSBL DNS server because it's just another host in the DNS heirarchy.
UNIX? They're not even circumcised! Savages!
SPF. Several proposals have been rolled up in this, under ASRG, including SPF, RMX, DMP, and related proprosals.
What part of "gestalt" don't you understand?
Break the Internet? Something tells me that you don't know very well what you're talking about. Spamhaus (or ORDB or any other black list service) cannot block anything if you (or your ISP) don't want anything blocked.
It's the email server's administrator choice to use such a blacklist or not. In other words: if you're running an email server, you can choose whether you want to block these IPs or not.
You could argue that you're a customer of an ISP that's using Spamhaus or ORDB to block spam and you cannot do anything about that. And I would agree with you on that: you should have the choice to use the blacklists on your email account(s) or not. But that, from the system administrator's point of view, is not a simple task, as of now.
My site
There are quite a number of such proposals. For instance...
...among others. The Internet Research Task Force Anti-Spam Research Group (IRTF ASRG) currently has a sub-group specifically dedicated to the unification of these proposals. This is a relatively recent initiative (only about a month old). You can find archives of the discussion at gmane.org.
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
The above is good, but try using a TXT lookup instead. Thats "dig D.C.B.A.sbl.spamhaus.org TXT".
For example, let's say our spammer of the day (We'll call him 'Drew Auman', because that's his real name) is spamming his domain "kingherbal.biz" with an IP address 203.197.204.86.
[root@localhost] # dig 86.204.197.203.sbl.spamhaus.org TXT
; > DiG 8.3 > 86.204.197.203.sbl.spamhaus.org TXT
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 15
;; QUERY SECTION:
;; 86.204.197.203.sbl.spamhaus.org, type = TXT, class = IN
;; ANSWER SECTION:1 0886"
86.204.197.203.sbl.spamhaus.org. 2H IN TXT "A href ="http://www.spamhaus.org/SBL/sbl.lasso?query=SBL
Bayesian filters are our best technical solution.
Except they don't actually block spam.
A filter (whether bayesian or otherwise) has to examine the content of the message - it can't do that until it's received the message.. so by definition, a filter can't block spam.
Blocklists are the only way to block spam.
I just think blocking large address ranges does as much to create false-positives than to block spam.
The point is that if your ISP has repeatedly ignored the problem, then there are no false-positives.
Until your ISP cleaned up their act, you were (indirectly) gaining a benefit from the spam, in the form of cheaper hosting.
Are you absolutely 100% sure you were blocked by Spamhaus and not by SPEWS? Spamhaus generally tries quite hard to avoid "collateral damage".
I think a more important difference is that it costs them money to call you. So, basically, a Do Not Call list saves them money because they do not need to call people who hate telemarketing.
I've spoken to the husband of a friend who works at a telemarketing place, and actually telemarketers hate the DNC list, since it allows people who have problems with saying no and confrontational situations - vulnerable people who are one of the telemarketers' main targets - to say no anonymously, with no conflict.
If (and only if) such people didn't contribute large numbers of $$$ to the telemarketers' profits, then the latter would love the DNC list.
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
Spam blacklists are unsustainable in a world where most net connections come across DHCP, and most spam is/will be sent from owned home computers.
That was a problem solved several years ago. Many ISPs simply block any and all DCHP addresses that they can identify, and many specifically list their DHCP addresses with some of the block lists to make it easier.
This is because nearly all email from DCHP addresses is, in fact, spam, and most of the rest is from someone violating their AUP in the first place, running a server on a consumer account.
Don't give up your day job.