Spamholes Fighting Spammers
mike9010 writes "A person named I)ruid has come up with an ingenious way to combat those spammers. His program, spamhole, creates a false 'open relay' that the spammer thinks he/she can send messages through. The messages then get sent nowhere, and the spammer has no idea.
"spamhole is an open project. Hopefully, through users' and developers' contributions, we will amass a collection of spamhole implementations spanning all commonly used platforms, programming languages, etc. Ease of configuration and use are the primary objectives, for the easier to use by the non-technical layperson the implementations are, the more widely adopted and used spamhole will become.""
The spammer will just send email to himself to make sure the relay works. The author claims that the defense against this is to allow the spammer limited access in the beginning, but there's no way to uniquely identify the spammer, and in any case, the spammer can just continue to include himself in the mailings, so he'll know when the relay has been configured to deny him access.
This system will only increase the number of open relays out there.
The story of the hare and the briar patch comes to mind. Is this the idea of a spammer who is pleading with us to please not create all these open rel..., er, um, spamholes?
Is this truly the only Earth I can live on?
This sounds like a pretty interesting project. One question though, what happens when the spammers themselves get word of this? They will just relay a message through each open relay they find to an account they can check, to see if the message went through. If the message doesn't go through then it's a 'blackhole' relay and they will find another one. I just don't see something like this working. Maybe it should save all of the spam and use the messages to update spamassassin filters or something like that. Otherwise it'll be useless. Just my thoughts.
Stick it in your spamhole, pal!
Perfect...
Galileo: "The Earth revolves around the Sun!"
Wouldn't a law making spam an illegal and punishable offense be more effective?
I have been pwned because my
It's not a cure but it's another small tool which might help a little.
Sig is taking a break!
This is not a bad idea though it could be abused. However, what the author doesn't seem to realise is that open relays may only account for 25% of spam. The rest comes via open proxies which mask the connection and mean that the mail server is receiving an SMTP session from a valid IP address. It might help a bit but at the end of the day the only good solution to fix spammers is to hit them where it hurts, in the pockets.
Of course that is easier said than done
Rus
Cheap UK and US VPS
Just watch the RBL's and ISP's shut down your IP block for having an open relay...
How are they supposed to know the difference between a spamhole and a real open relay?
"Kinky sex involves the use of duck feathers. Perverted sex involves the whole duck." - Lewis Grizzard
...because spammers will (or already do) use an actual sample mail address to see that the mail isn't getting through.
+ Five minutes to implement.
+ It will fool spammers for five minutes.
+ Your ISP will disconnect you after five minutes.
Let's chalk this one up as yet another "nice try, shame about the lack of planning".
If you were blocking sigs, you wouldn't have to read this.
I ran a very similar program to see what I would catch. I caught my ISP, or rather they caught me - they thought I was running a deliberate open relay and sent an email warning me to shut it down. I was pretty surprised they were on to it so quickly (less than 24 hours).
i think it will not work for two reasons:
a) as mentioned before, it is easy to probe the hole to make sure it really works.
b) i seriously doubt that the security team of any university and / or company would enable such a hole because then they might get blacklisted and no more email for them...
OpenBSD's spamd actually tarpits the spammer down, then after a looooong held connection sends a 450 (by default) to the spammer to have the spammer-machine retry. I have it running with various autoupdated blackhole lists and very little spam sees my server anymore.
Trolling is a art,
This is basically a honeypot. Various other forms of this exist [like TCP keepalives for as long as possible]. The basic idea is you want to make sure the user thinks it's working while wasting their time.
;-) [this last comment is aimed at the jerk who is sending the same spam twice to me about all sorts of increased sex crap. It's bad enough you send it once but twice in under 5 mins? In the ban list you go!]
The trick is much like the pollution on P2P. People often complain that the stuff they download off P2P is either renamed [e.g. not the thing they were looking for] or of very low quality. This dissuades people from using P2P.
Likewise if lots of people set up fake SMTP servers that don't do anything it will pollute the "scene". Possibly make it less attractive for spammers.
Of course what would be nicer is just to snipe the spammers and auction off their property for Quiznos money
Someday, I'll have a real sig.
Spam is moving off open relays and onto pirated home computers. Spammers and virus writers together have already designed a distributed architecture in which they can send emails from hundreds of thousands, possibly millions of 'owned' personal computers.
The solution is to accept that email will become 99.9(n) junk, and that the challenge then becomes to extract the signal, not filter the noise.
One solution I foresee is "data clearing houses" which store-and-forward email, using a reputation management system to rank and score email (and other data, for the problem is general).
Ceci n'est pas une signature
It won't work.
On a small scale it has no impact.
On a large scale the spammer will just send a few 'test' messages through your system and move on to the next. With a million spamholes, a spammer can send a million mails at the least. Great.
Also, you'll get yourself blocklisted by every major DNSBL very soon. They scan for open relays too...
This is your sig. There are thousands more, but this one is yours.
Slashdot, on the cutting edge of last year.
I can see this being a great "live" email harvesting tool for some spammers. Set up a spamhole and just sit back and collect the addresses that other spammers try to send to. A good majority of the addresses will be good and you don't even have to waste time harvesting. This could be a windfall for technically savvy spammers with a little time to waste. Good God. Here we go again...
Anthony Papillion
Advanced Data Concepts, Inc.
"Quality Custom Software and IT Services"
for whatever reason you say it, I ask you this "What solution have you thought about and coded?"
...has anyone been the target of a spammer's affection?
I guess that as soon as they decide that your mail server is open to relaying they will pump their mails as quickly as possible through to the server...
Wouldn't the bandwidth consumed while pumping all those pr0n mails through to your server slow your xDSL (or whichever connection you have) to a grinding halt and thus make the project more suited towards those with a fat connection and something to prove?
They (spammers) just start putting one of their own emails on their list. Once they finish their spam sending fest, they check their inbox, if they see nothing, then do it again on another relay.
PLEASE DO NOT READ THIS IF YOU ARE A SPAMMER
We had a spammer exploiting an incorrectly configured formmail.pl on one of our servers. We didn't actually use it, so I replaced it with a fake version that pretended to accept the mail and return 100mb of data as a reply.
Our provider gives us unlimited upstream bandwidth, so it had no real effect on us; however there would have been at least 50gb worth of data used by the time the spammer caught on, so hopefully that cost them some cash. (Although in all likelihood it was only a minor inconvenience).
Isn't the spammer going to know that the supposed relay is a spam hole if he includes an account that he accesses on his list and checks to see if he's received a message from himself afterwards?
If you put this on your site, and people complain about those 'let through' spams at the start, your entire netblock will be marked as a spammers paradise (and rightly so - how can the RBL's tell the difference?). Goodbye email.
...
Some RBL's do not allow changes to be made unless you pay a big fee, and you lose the fee if they consider the complaint genuine.
This sounds real risky to me
Simon.
Physicists get Hadrons!
This is still the best method to "slow down" spammers. Having a listener on port 25 on an unadvertised box waiting for a connection from some random person, knowing this to be a relay checker and/or spammer, then holding onto the connection forever. This is what LaBrea does, but LaBrea does it on a larger scale, for entire subnets w/ open IP addresses, and any port.
if a bunch of spammers collect IP addresses of these spamholes and create a blacklist, does Spamhaus have a right to complain then?
...and that's the way the cookie crumbles.
While the concept is somewhat interesting at first glance, the people who run spamholes might end up with it costing them a lot of bandwidth and system resources.
In short, this idea might only work if somehow you could get more spamholes on the net than open relays, and even then it would have to be coordinated by real sysadmins who know their stuff. Clueless admins are (probably) in the majority and whether or not you agree with that little flippant comment, they will surely outnumber the people who have enough time, a spare machine, and bandwidth to run a spamhole.
This guy says that he has 'holed' over 50,000 spam messages. Well, not really. They will be retransmitted. Spending the energy on blocking spam from your users completely is a better bet, I think. Educating people and advocacy is a better bet. Spamholes will be just another 5 minute net curio.
Conversion Rate Optimisation French / English consultant
That's not what a 'spamhole' is around *my* office. Pfft!
"Lawyers are for sucks."
- Doug McKenzie
Will this send spam over to the 8th dimension? Let's not forget the inherent dangers of crossing dimensions shown in The Adventures of Buckaroo Banzai Across the 8th Dimension.
I see two potential problems with this approach, one more insipid than the other.
Haven't you only succeeded in sponsoring a low volume spam relay that not only delivers spam, but at such a low per-boxen rate that no one will ever be the wiser for it.
I see that even on your homepage you mention that a few spam emails might get delivered, but you are acting as a relay for a few spam emails times 50,000. You will eventually get blacklisted via OpenRelay RBL's.
I think if you sit down for a day and just watch your email logs, you will find that a lot of spammers don't bother to test a connection for open relay status. They just test by pushing as much email through it that they can as quickly as possible. Daily I have hundreds of attempting mail relay deliveries.
...which would make so many false open relays that the spammers wouldn't be able to tell the fakes from the real ones.
Then again, Microsoft would fuck it up somehow so a simple buffer overflow would make the thing actually send all those messages that were supposed to be accepted and then shitcanned.
monkeys.com used to have one, until the spammers DDOSed him.
Several other people are still running proxy honeypots with great success. They are a great resource for finding out which ISPs harbor proxy hijacking criminals.
For all of you, who think spammers will check whether the proxy works first, spammers do no such thing. They actively scan for open proxies and immediately start blasting away. That's just like with spamming. You really think spammers check every Email address on their lists is real?
Proletariat of the world, unite to kill spammers. The more painful and slower, the better.
In Soviet Russia, I ruled you
Protect yourself. Try and use proxies or a super good second browser with proxies that you never log into such as Opera (which makes it very easy to delete all private data). Thank you.
Or, you could just place a little less emphasis on what seems to be your lifelong goal of participating in Slashdot threads.
Since it seems that a lot of spam I get comes from my e-mail address being on my homepage, I've toyed with the idea of putting two addresses up on the page,
like dan@example.com and danc@example.com. Since danc only exists as a harvestable address, any messages that show up at danc are compared to the messages in the spool for dan, and a 95% or more match pushes them both to the trash. Has anyone else tried this or something similar?
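One way to implement the canary-address comparison described above, as an added example that is not part of the original post: every message arriving at the never-used canary address is spam by definition, and anything in the real spool that matches it at 95% or better goes too. The `Message` type, the whitespace/case normalisation and all sample messages are constructed for this example.

```python
"""Canary-address spam matching (added example, not from the thread).

A real address (dan@example.com) and a canary (danc@example.com) are both
published; the canary never receives legitimate mail, so anything arriving
there is spam by definition.  Real-spool messages that are near-identical
to a canary message belong to the same spam run and can be trashed as well.
All sample messages below are constructed for the example.
"""
from dataclasses import dataclass
from difflib import SequenceMatcher
import re

MATCH_THRESHOLD = 0.95  # the 95% figure from the comment


@dataclass(frozen=True)
class Message:
    msg_id: str
    rcpt: str
    subject: str
    body: str


def normalise(msg: Message) -> str:
    """Lower-case and collapse whitespace so per-recipient tweaks
    (greeting line, padding) do not spoil the comparison."""
    text = f"{msg.subject}\n{msg.body}".lower()
    return re.sub(r"\s+", " ", text).strip()


def similarity(a: Message, b: Message) -> float:
    """Ratio in [0, 1].  autojunk is disabled: on text longer than 200
    characters difflib would otherwise treat common letters as junk and
    report misleadingly low scores for near-identical messages."""
    return SequenceMatcher(None, normalise(a), normalise(b), autojunk=False).ratio()


def find_spam(real_spool, canary_spool, threshold=MATCH_THRESHOLD):
    """Return the real-spool messages whose best canary match is at or
    above threshold.  Everything in the canary spool is spam already."""
    trash = []
    for msg in real_spool:
        best = max((similarity(msg, c) for c in canary_spool), default=0.0)
        if best >= threshold:
            trash.append(msg)
    return trash


# Constructed sample traffic: one spam run hit both addresses, differing
# only in the greeting; one legitimate message reached only dan.
SPAM_BODY = ("{greet},\nYou have been selected for our exclusive offer. "
             "Reply today and save 90% on everything in our catalogue. "
             "This message was sent to you because you opted in.")
SPAM_REAL = Message("r1", "dan@example.com", "Exclusive offer inside!!!",
                    SPAM_BODY.format(greet="Dear dan@example.com"))
SPAM_CANARY = Message("c1", "danc@example.com", "Exclusive offer inside!!!",
                      SPAM_BODY.format(greet="Dear danc@example.com"))
LEGIT = Message("r2", "dan@example.com", "Lunch tomorrow?",
                "Dan, are you free around noon? The usual place.")

if __name__ == "__main__":
    for m in find_spam([SPAM_REAL, LEGIT], [SPAM_CANARY]):
        print("trash", m.msg_id, f"{similarity(m, SPAM_CANARY):.3f}")
```

The threshold is what decides false positives: a personalised greeting costs well under 1% similarity, while a legitimate message of a different length and subject stays far below 0.95.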
Run an open relay, the ISP detects it, launches nastygrams and prepares to blast your ass to Mars. Complain to the average ISP about the average spammer, and the spammer is still spamming through the same ISP 6 months later. Hmmmm.
Perhaps this can be used to trace them down, I am a tad doubtful that this would really work, however, it could be used to catch folks who test for these and try to use them, thereby identifying potential spammers. Perhaps, a follow up email to ISPs getting them disconnected for life (hehe)?
photoplankton
Everyone being blacklisted for using this might have the nice side effect of making more effective blacklists :)
Everybody is complaining about spam. And at the same time almost everybody comes up with yet another brand-new-weird-looking workaround. Why the hell?
May I suggest just doing a few basic things:
1) Make a law (if your country doesn't have one already) which makes it illegal to send emails with forged FROM fields (= email addresses you don't own)
2) Slightly improve RFC2821 (smtp): Convert the optional ssl layer to a mandatory one. An smtp sender should only be allowed to send mail to a server if
a) it uses an ssl encrypted connection and the Hostname in Reverse-DNS matches the name provided with the ssl certificate OR
b) it uses username and password to log in to some kind of mail account
3) Sue spammers violating law 1) to hell. If you want to find them, you only have to look at the ssl certificate used for the connection.
Yes, I know this prevents everybody from having his own pretty little smtp server. No, I'm perfectly fine with that. Use a provider.
Yes, ssl certificates are expensive for now. But any serious provider should be able to afford one.
there are two major issues unsolved by this.
This does nothing to address the traffic/bandwidth usage. I've seen spammers continue to hit mail servers for several years (yes YEARS) after they were locked out, they just don't care. The bandwidth costs become seriously problematic.
and the second thing, sort of the first, or related, is the issue that never gets addressed: EGRESS filtering.
Now if everyone, or at least every major ISP would actually use egress filtering, the spam problem would be reduced by, probably, at least 80%.
Here we are talking about this same stupid issue years later, with the same stupid suggestions and the same stupid ideas, over and over and over again. But no one listens.
The other way to combat spam is one I mentioned years ago, and on slashdot many times, in fact, almost every time this subject comes up, which, by the way, is getting more and more frequent. Anyhow, it was an online database of known spammers, by domain and IP. Two separate lists, one IP, one domain. IPs are by class-C (/24) minimum. It would work if it was pseudo-public, and open, and everyone would keep updating it.
but no, people say "yeah, interesting" but does anyone really get involved? no.... sigh...
My predictions: we'll see this spam issue more and more often with more and more so-called "brilliant" solutions like honeypots and crap like that. But will anyone really want to *DO* anything about it? nooooo..... and we'll keep talking about it for eons... nobody cares...
It lets you set up a temporary forwarding address, which can be very useful for those "free registration" things that just scream "SPAM!".
It may cause spammers difficulty, but what about the server you run it on... what keeps it from ending up blacklisted on ordb and the like, and then becoming inaccessible to all those people out there who have vigilant sysadmins and good firewalls?
"Beer is proof that God loves us and wants us to be happy." --Benjamin Franklin
Spamhole is the name of a temporary e-mail redirection service, good for those times when you need to submit an address for a verification code but don't want the company's spam to fill your inbox afterward (why would you?).
It seems from people's comments here, that this simply will not work. If nothing else, you'll appear to be a relay and will get blacklisted.
So, how about this... change smtp servers so that it appears that the server is on a slow connection. This could be done by putting in a delay before sending the ACK for each packet received. For legit messages, this wouldn't be much of a problem as volumes would be low. However, for spammers, who are relying on sending 1000s of messages per second, the added delay would become a problem for them.
Of course there is a problem with long legit messages. But in this case, just make the delay dynamic - the more packets received for a message, the shorter the delay.
For an ongoing summary of ideas:
Junk Mail Guide
I welcome feedback & ideas...
I believe there's a good solution
that's still waiting to be found.
Don't give out your real email address to the spammers. If you ABSOLUTELY HAVE TO use your email address for something, get an alternate email address, get the password you need or whatever, then switch to your main one or just don't switch at all. Multiple email accounts = good. ^_^
Some ISPs are very vigilant. They have a take-no-shit attitude towards SPAM and/or hacking. They'll actively watch for it, shut people down, respond to abuse complaints, etc. Some just don't give a fuck, and won't stop it unless it interferes with their network or someone comes after them with a big enough stick.
So just because you've dealt with an ISP that is in the "don't give a shit" category, doesn't mean there aren't other ones that will be very responsive.
So as the project grows, people will sell lists of these "open relays". This way, spammers can use different SMTP servers to send their mail, making them more difficult to track. A few IPs and a few email accounts to check when the spam hole stops working, and they could actually use these to their advantage.
I'm currently having troubles getting legit emails through to AOL customers. From what I've read in their SPAM rules, if your domain has an open relay, they will block your email. So if you set this up on your domain, you might hurt yourself more than the spammers.
There was a plan mentioned on /. a while back which goes something like this:
Modify the SMTP protocol and MTAs so that when a message is sent, the mail server replies with a math question. The mail client then works it out, sends back the answer and everything is great.
This would work wonders, as spammers couldn't send millions of mails if each one took a second or so to calculate.
So what happened to this plan? It wouldn't require a complete overhaul, just some tweaks -- we could halve spam in a year with this.
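The challenge-response scheme sketched in the comment above, worked through as an added example (not from the thread or any project): a hashcash-style proof of work in which the receiving MTA hands out a puzzle, the sender burns roughly 2^difficulty hashes solving it, and the server verifies with a single hash. The HMAC-tagged stateless challenge, the binding to the MAIL FROM / RCPT TO envelope, and the difficulty value are this example's own design choices, not part of the proposal.

```python
"""SMTP proof-of-work challenge (added example, not from the thread).

The comment proposes that the receiving MTA reply with a puzzle the sender
must solve before a message is accepted.  This is the hashcash idea: find a
counter whose SHA-256 hash over (challenge, envelope, counter) starts with
`difficulty` zero bits.  Solving costs about 2**difficulty hashes per
message; verifying costs one.  The HMAC tag, the envelope binding and the
difficulty value are design choices made for this example.
"""
import hashlib
import hmac
import secrets

DEFAULT_DIFFICULTY = 16  # ~65k hashes per message; a tuning knob, not a standard


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def _tag(server_key: bytes, client_ip: str, nonce: str, difficulty: int) -> str:
    msg = f"{client_ip}|{nonce}|{difficulty}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()[:32]


def make_challenge(server_key: bytes, client_ip: str,
                   difficulty: int = DEFAULT_DIFFICULTY) -> str:
    """Server side: issue 'difficulty:nonce:tag'.  The tag is an HMAC over
    (client_ip, nonce, difficulty), so the server can verify later without
    remembering which challenges it handed out to whom."""
    nonce = secrets.token_hex(8)
    return f"{difficulty}:{nonce}:{_tag(server_key, client_ip, nonce, difficulty)}"


def _work_hash(challenge: str, mail_from: str, rcpt_to: str, counter: int) -> bytes:
    # The envelope is part of the hashed input, so a solution found for one
    # recipient cannot be reused for another: every message costs fresh work.
    data = f"{challenge}|{mail_from}|{rcpt_to}|{counter}".encode()
    return hashlib.sha256(data).digest()


def solve(challenge: str, mail_from: str, rcpt_to: str) -> int:
    """Client side: brute-force the smallest counter meeting the difficulty."""
    difficulty = int(challenge.split(":", 1)[0])
    counter = 0
    while leading_zero_bits(_work_hash(challenge, mail_from, rcpt_to, counter)) < difficulty:
        counter += 1
    return counter


def verify(server_key: bytes, client_ip: str, challenge: str,
           mail_from: str, rcpt_to: str, counter: int) -> bool:
    """Server side: confirm the challenge is one we issued to this client,
    then check one hash.  Cost is constant regardless of difficulty."""
    try:
        difficulty_s, nonce, tag = challenge.split(":")
        difficulty = int(difficulty_s)
    except ValueError:
        return False  # malformed or forged challenge string
    if not hmac.compare_digest(tag, _tag(server_key, client_ip, nonce, difficulty)):
        return False  # not issued by us, or issued to a different client
    return leading_zero_bits(_work_hash(challenge, mail_from, rcpt_to, counter)) >= difficulty


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # per-server secret (constructed for the demo)
    ip = "198.51.100.7"             # documentation-range address, constructed
    ch = make_challenge(key, ip)
    ctr = solve(ch, "alice@example.org", "bob@example.net")
    print("challenge:", ch, "counter:", ctr)
    print("accepted:", verify(key, ip, ch, "alice@example.org", "bob@example.net", ctr))
    # The same counter almost certainly does not pay for a second recipient.
    print("reused for carol:", verify(key, ip, ch, "alice@example.org", "carol@example.net", ctr))
```

At difficulty 16 a legitimate sender pays a fraction of a second per message, while the per-message cost is what a bulk sender cannot amortise, because the envelope is inside the hash.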
I am willing to contribute to this, having some GB/month to spare, and hating spammers... but what I'm wondering is how much bandwidth this might cost?
As I'm sure many of us that run our own mail servers have found, I've got a good dozen addresses that have never existed to which spammers attempt to send mail. I get hundreds of attempts to send spam to these addresses each day. For a while, I was forwarding these messages to an RBL, but my mail queue just got too huge.
What I would like is a tool that hooks into Postfix (or whatever MTA; I use Postfix) that not only blacklists the sending IPs on my machine, but even reports the sending IP to an RBL. At a bare minimum, this would be a useful tool for me, since it would keep these spammers from proceeding to send spam to any other addresses on my server. At best, this simple method of confirming that a spammer is a spammer could help to reduce spam on the whole.
-Waldo Jaquith
The downside to this is that a few SPAM emails may actually be delivered by your spamhole. Such is the price to pay for tricking the spammer into continued use of your 'open relay'.
Yeah, that and getting your server and/or organization blacklisted when anti-spam services/software check to see if your server is an open relay.-B
It seems to me the reason people spam is because it is cheap to do. Sending out hundreds of thousands of emails for next to nothing.
What if everyone who got spam took 5 minutes a day and replied to a few? I am not saying they need to actually be interested in the pitch, but just send a nice polite letter saying you are. Could you send me some info by postal mail? Do you have an 800 number I can call? Could you contact me with greater detail to this question? Now, the spammer has to invest some time and possibly some money.
Millions of people get spam. If a small percentage would do this, would it deter spammers?
I don't believe honey pots will be able to solve the problem. I believe in attacking the economics of spam. Make it not worth their while to send it in the first place. Here's one case in point:
I have been the victim of a spam which used my e-mail in the forged From line. I have been receiving all the 'undeliverable' bounces as a result. Of course I got fed up and decided to do some research.
I picked out the origination IP from the header of the attached bounced mails (always valid) and did a port scan on them. I found most of them infected with the Jeem trojan.
Well, this explains the open relay. I gave up complaining to ISP's about their subscribers who have trojaned systems. They don't seem to care. I suppose it's time for vigilante justice.
The Jeem trojan opens up an e-mail relay on a random port and a control connection plus an http proxy on their own random ports. Time to fight fire using the same fire.
After 'safe browsing' the web sites listed in the spam mails, a lot of them have form information (usually requesting credit card info). Why not use a program that uses a trojaned system's HTTP proxy to send invalid data as the form contents. I was able to send URL encoded form content based on the form's fields which easily bypassed the form's javascript validations. In return, I get an expected confirmation screen. Hey, maybe they just got one invalid response.
Now, if this can be done often enough, maybe the ISP will see the traffic and suspend the account of the trojaned system. In the meantime, the source of the SPAM gets a lot of invalid info to filter through. When I say invalid data. I don't mean 'asldfhhfsdf' and such. I mean real looking names, addresses, CC numbers, etc.
I know there are flaws with this idea, but I don't see where it wouldn't start becoming a thorn in their sides. The Jeem trojan can be controlled remotely. I wish I knew the remote commands to turn them off. But, if we use their known trojans against them, maybe they'll turn them off for us.
1: They'll get blacklisted.
2: The spammers will eventually be able to find a way to test it first (like they have with everything else.)
3: It'll just suck up bandwidth and dump it to /dev/null.
4: Even if the idea did work in theory, there won't be enough people believing in the idea to make it actually work.
-- I am. Therefore, I think!
It was on an ancient DGUX system and I was having a bear of a time upgrading sendmail. Management had no clue they were running an open relay. -- "What's that?"
So I stopped outgoing mail every night at 8pm, cleaned out the queues in the morning and restarted outgoing mail.
I had to keep the legitimate stuff, but it was not a problem figuring out what was legit and what wasn't.
After a few months I was able to install Red Hat -- end of problem, at least for a while..
Well, compared to the numbers this site used to have, anyway. There are other sites that do a better job. Once taco starts caring again or steps down for someone who does, this place might start to smell better.
Well, it's just an idea a friend of mine had some time ago and that could possibly work.
The idea is that instead of filtering and trashing mails from spammers (with any antispam sw), these mail messages should be fed to a software that extracts all web sites mentioned in them. Some kind of P2P network could then exchange these lists of websites and attack them with DOS. If the system spreads enough, when a new message is sent by a spammer his website will be flooded by millions of bogus requests (slashdotted); this antispam agent should just open a connection and keep it open without doing much traffic.
--
This is not a sig.
Most ISPs now block port 25 so open relay spamming is on the decline. It is also part of the reason AOL implemented their blocking of non-registered or recognized mail servers. ISPs that do not are often considered "Spammer Friendly" and placed on just about every BL out there for their IP block. (This also has the added advantage of curtailing SMTP engine toting virii) As also pointed out, Email test probes will be added to the Spammer's arsenal of Poopsmith tools to verify they are able to send their shit out. This could however have a slight benefit of flawing their business model as it requires more time be invested for active true open relay verification and their email be routed through a mail server which might have a spam filter running which may help to flag suspicious accounts sending the same or similar Spam to their box frequently.
What this also could be useful for is legitimate mail servers helping to track down Spammers as it runs the blackhole open relay to everything not in an approved IP scope or authenticating. Possibly allowing the single test email being routed back to the domain of the IP attempting to send and if a flurry of Spam comes reporting the IP to the abuse department of that domain along with the total attempt of Spam sent to the bit bucket. This could catch Spammers who get their email from their own servers and email from their ISP's mail servers or Spammer friendly servers to be BL and/or shutdown. Would be an interesting project as Spammers have to look for more ways to send their shit out and not use their ISPs mail servers and be shutdown. Lots of different ways to play with this program and the application of it to attack the business model of the Spammer and lure them into stupid mistakes that may lead to their imprisonment like they deserve so they can meet Bubba.
-1 Overrated (Too many big words for me to comprehend)
I think all commercial and bulk email should by law be only sent from some new top level domain, ".bulk" for instance.
All mass emails coming from this domain are perfectly legal.
But...
Anyone who sends mass emails or soliciting emails from anywhere else can be sued for one million dollars per email.
That should be enough incentive for lawyers to gather evidence against real spammers, protect free speech, and give the users a real way to opt out.
In the discussion it has been mentioned again that spam should be fought by reducing its value to the spammer. But I wonder, what is that value really? I wonder if it's always just people responding, or if there could be other benefits for the spammer. Like who will respond to the garbled messages spammers sometimes send around (P*E,,n1_S etc.)? I really wonder, can there be other value besides people actually buying the product (or trying to, thereby revealing their credit card info)? Maybe the spammers are up to something completely different, that nobody has quite figured out yet? I.e. for one over the top idea, maybe it's all just anonymous communication of criminal groups, and in P*E,,n1_S, the * and ,, are some kind of code?
It's false to suggest that the spammer would have "no idea" that the relay wouldn't be passing on his spam. All he has to do is include a throw-away email address he has access to in the mail shot, if it arrives the relay was good.
Spamhole would have no way of knowing which of the millions of addresses being spammed was the relay test address, so it would be very hard to circumvent.
Granted you may still cost the spammer some wasted time, but each relay is only going to trick one spammer one time, if they're smart.
Spam will go back down to a tolerable level when:
All mail exchanges require authenticated SMTP
When legit MTAs are all properly registered with DNS entries. Reverse-lookups on MTAs that don't resolve are usually spam. When we tried to implement this on our mail server, incoming spam decreased by 80-90%. But, our false positive percentage went up to about 2-3% because of lazy or ignorant or poor sys admins not registering their MTAs in the DNS. Maybe we can help evangelize proper MTA registration and hygiene amongst the poor and indigent .orgs, small businesses, and ill-equipped net denizens, eh?
You might see this revisited again if I get my mojo on for it.
I might know what I'm talkin' about, but then again, this is Slashdot...
This only seems like a good idea until you realize how dumb it is (i.e. spammer sends a test message).
Must-not-watch TV!
much of spam, if you reply to it will result in your response being bounced back to you. they don't want to hear from you -- they want you to generate 'points' for them by clicking on the contents of the mail, believing it to be worthwhile. many of them get points for clickthroughs but a lot also get points just if you view the message and cause some images to be called from servers which track where the image was being requested from, so just looking at some spam will verify for the spammer that you exist on the other end. if you want to cram the spammer, you should just bounce back all their crappy spam but keep in mind that clogs the net, too. and most spammers don't even keep track of if their messages are bounced back to them or not, they keep sending anyways knowing that there are programs like mailwasher that give windows users options to bounce all their mail. they obviously can spare the time and throughput it takes to spam so many damn people that they can ignore the 'bugs' and just keep amassing larger and larger mail lists, and probably not hit a 'bump' until they are at around the 100,000 address mark. so, the idea of also wasting human time and ingenuity in responding to spam conversationally is bad.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
try Enkoder (also available as an OS X app), which converts your mailto: link to a javascript thingy which works correctly but cannot be read by bots. It's free.
Science fiction for grown-ups...
I'll keep saying it -- spam is not a technical, political, social, spiritual, or financial issue. It's a "people" issue. It boils down to a human being saying or thinking "The rewards of sending spam outweigh its risks", making a choice, and pushing a button that makes it happen. To convince the spammer otherwise will require a different approach. What the ultimate solution is, I don't know, but (for most human beings) pain, and the fear of pain, is a very powerful motivator. Obviously, no "civilized" ruling entity would ever approve or condone such an approach. Well, except for the KGB, the Mossad, the Taliban, the 3rd reich, various South American governments, some Islamic states, the Chinese, the French revolutionaries, and probably one or two branches of the US "intelligence community". Did I leave anybody out?
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
If it looks like an open-relay to a spammer, why won't it look like one to an ISP? I really don't want to risk getting my company tossed off of the net because some nerd at my ISP refuses to believe that I'm not running an open relay...
We all agree that the SPAM problem exists. It has not been solved yet only because it is not a problem for the people who really have the power to solve it ;)
In other words, let's create more open relays and double or triple the amount of SPAM.
My point is that we have got to reach a critical mass point before it explodes.
Right now the SPAM just slowly expands and adapts.
I break Robots for a living
i think it's a better idea than responding conversationally as another user suggested we all do.
i would join your distributed network if:
1. the 'attack' (hereafter referred to as 'distributed activity') could not be construed as malicious, i.e. "we thought they really wanted all of us to request that url at the same time repeatedly and frequently -- why shouldn't we?" collective ass should be covered by pointing out that the recipient of the distributed activity was actually hoping to profit from it and expected it, just look at their business plan. if they weren't ready to do business with the world, they shouldn't have advertised.
2. any people hoping to beat your system couldn't just put urls they hate, or your favorite urls, or slashdot.org, into spam and mass-mail it, hoping that the system will turn against you. there would have to be some official board set up to verify that some spam was definitely spam hoping to profit by ignoring the recipient of the mail's concerns, and that they aren't just trying to juke you out. i suppose they could maintain and share spam blacklists as already occurs for some products and services, and use those as the basis for the distributed activity.
3. the program would have to intercept the url request responses and ditch them. i don't actually want to process the content of the site, i just want them to have to do the work of sending it to me and the 1,000,000 other participants in the distributed activity.
that being said, i'd like to sign up for your distributed activity as a beta tester.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
If you linked spamhole to a real mail server's authentication scheme, you could toss any mail that also appeared on any chosen spamhole. As long as a spamhole is not identified as such by the slugs that spam, a fairly quick culling of the spam from legitimate servers can occur.
Fast machines, powerful AI, impulsive invention,... All I lack is a good espresso machine!
retaining the original To: address for reference.
Lovely. So, spammers can install a spamhole and obtain the lists that all the other spammers are using to add to their database. At least that should stop the spam from people trying to sell their email lists. . .
This comment was generated by a squadron of trained super elite albino ninja chickens for you.
This was a Slashdot article on November 17: http://ask.slashdot.org/article.pl?sid=03/11/17/2247251
(sorry, I'm a text-mode bigot.) I'd been thinking about this concept for a few weeks, and about submitting it to Slashdot when someone beat me to the punch. IMHO, it can be developed into a great idea, but needs some work. (That's why I hadn't submitted it, yet.)
This is kind of like the War on Drugs. IMHO, the War on Drugs is more dangerous and has worse side-effects than the drugs, themselves. Current efforts to fight spam are focusing on the spam, and are just breeding more clever spammers.
We need to take the war to the folks who advertise through spammers.
We need to harness the Slashdot effect for Good, instead of Evil.
The purpose of spam is to connect me to someone selling something. So let's connect. Let's ALL connect. Imagine a client that can go through my Mozilla (or Thunderbird) spam folder, and start accessing, via email or http. They would not be prepared for the volume of response.
So let's take these poor folks who advertise through spam and HELP them get to their target audience more efficiently, primarily by not targeting so many people who don't want their advertising. So in the auto-response is some sort of tell-tale, "LEAVE ME ALONE!!!" words that they can understand. Kind of like a 'Do not call' list, but more like, 'Do not call, or else!'
There are two downsides:
1: It generates extra net traffic, and might be even worse than the spam itself, in this regard. Such a spam-auto-response client would have to be carefully tuned, initially on the light side, and ramping up.
1a: A variation on this might be the tar-client. It would take a fudged TCP stack, but imagine not ACKing packets, or delaying ACKs to slow the traffic and tie up the connection. Harder to do than a classic tarpit, but something might be possible.
2: I could see spammers adding extra response addresses in to their advertisements, just to discredit this type of effort. I could see them adding links to the likes of IBM, Microsoft, and US government institutions so users of the clients would be responsible for a DDOS attack. Some sort of whitelist or extra filtering step would be needed, and any sort of whitelist would come under attack by spammers. (THIS is why I never posted.)
The living have better things to do than to continue hating the dead.
This is a more interesting approach to fighting spam: http://smtpnic.org
Why? Well, because if you know how to install POPFile, or SpamAssassin, or whatever, spammers are not interested in you. You are not going to buy anything from them anyway... so they just don't care. They care about all those Windoze people out there, the kind of people that have a Hotmail account; they are the only ones who can believe their shit. So, they are not going to stop SPAM. Even if we find a definitive technical way to block it, they will start to SPAM other systems, like MSN / ICQ, forums, etc, etc, etc. So, I suggest that we stick with SpamAssassin, and just forget about SPAM. For me, SPAM is just a few gigabytes of monthly transfer. I don't receive it, my customers do, but who cares? It's their fault. As I was saying, just transfer, ignore it, they won't stop spamming, it's a too fucking big business for them to just drop it.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
If people would STOP purchasing products from spam, and hit and run marketing the spamers would have NO incentive to spam!
Also, as a defense until people gain awareness of the simple solution, won't the new Internet protocols fix this problem? IPv6, that is?
later...
alligator
So you write a program that sends a few select messages through the 'spamhole' to known good addresses, such as the spammers own, which not only verify that the relay is operational, but also trigger a mechanism to send the spam load through said relay.
This way, the spammer only has to send minimal messages to test relays, which then in turn do the dirty work automatically
"so, the idea of also wasting human time and ingenuity in responding to spam conversationally is bad."
Perhaps it is, but technology alone doesn't seem likely to stop it. We use SpamAssassin on our server, spam tools and filters on our clients, and still some spam filters through.
I am not sure I agree with the idea that they don't won't to hear from you. Somebody, somewhere is looking for a response. True, sending a reply might get bounced back, but the reason this stuff goes on is because it is economically viable. If they lost money every time they did it, spammers might go away. I don't claim this is the solution, just one possible method to try.
could be developed a bit more. We all install a spamhole on our PC and then they all P2P themselves together to form, what I have decided to call, a 'Spamnet'
When one of our servers detects a spammer it communicates this to all its little peer friends and they launch a DDOS for a few minutes. If the same spammer hits the same (or another) node in the Spamnet he gets hit for longer etc.
It's not a perfect idea (and probably illegal) but it would certainly get the attention of whoever is responsible.
Just set up spampot.py, a similar program written in Python. Details, if anyone's interested, are here. Still waiting for a hit, but it's only been up since Saturday; firewall logs show I get probed about once a week.
Carousel is a lie!
I like this idea for Mr. Ralsky - send a Christmas card
Google for 'honeypot' or 'proxypot.' In fact, Security Focus ran a series of comprehensive articles on honeypots, one of which is here. There's also a huge web site devoted to nothing but honeypots at this link.
Proxypots are a variation of the honeypot idea. A proxypot pretends to be an open proxy server which, instead of actually passing traffic sent to it, simply logs what's going on and sends the actual traffic to a specific destination specified by the proxypot operator. This can be Dave Null's in-box or anywhere else said operator wants.
Details of proxypots may be found here, and here, just to name a couple.
Keep the peace(es).
Bruce Lane, KC7GR,
Blue Feather Technologies
I worked for a DOD sub-contractor that was writing such "Blackhole" scripts to block email nukers exploiting military mail servers back in the day (circa 1997). It will help, but it's not a cure-all.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
If you have someone on hand as tech support and the like, what's wrong with a tray icon flashing and asking them to approve a message? If it looks like a test message, let it through and whitelist the recipient address. If it's spam, it disappears.
Oddly enough I configured a similar "feature" on Exchange over a year ago. Microsoft calls it a Mail Sink.. It requires some hacking but it serves the same purpose. Microsoft Knowledge Base Article - 315631
Just alter the mail RFC so that all e-mail must be at least 1 megabyte. Then it will get really expensive for the spammers, people with open relays, or ISPs which choose to ignore spam from stolen dialup accounts.
i don't think your suggestion is viable as a way of economically bogging the spam industry, due to the fact that there are very few spammers who really 'care' and many don't speak english.
as sure as you are that they're waiting to have a hallmark moment with their victims, i'm equally convinced that they don't even have an 'inbox' feature on their mass-mailer. it's too tedious to care what people say or want -- that's why spam is what it is, an annoyance that won't go away.
i'm not saying that your ideal of there being some kindhearted spammers out there in singapore is wrong. there might be, but addressing them in the hope of it causing them financial distress seems to be pointing the wrong shooter up the wrong hole.
first of all, if i did find any kindhearted spammers i would assume that they were actually employing some new emotional honeypot method. they want me to think they care, so i won't try something more drastic or painful.
but, if some spammer and yourself exchanged a few poorly translated words and got to know one another's concerns, i guess i would hope not that the conversation was intended to financially hurt anyone but rather was intended to emotionally hurt them. if you really actually find an open port to some spammer's heart, you should try to request they use their powers for good and crash the megacruiser into the death star.
i mean such an opportunity to touch a spammer's cold, spongemold heart is not going to be very useful as a financial tool but might have some purpose as an ideological one.
all this applies as well to the idea of passing yet more flailing laws against various forms of data or transfer. all that nonsense has to stop because frankly it's not how the internet or computing were formed in the first place. nobody 'cares' about abuse of laws to stifle what amount to annoyances, not actual damages. you don't have to open your inbox or accept mail from anybody not on your exclusive list of expected senders, but the stupid ass legislation gets passed anyways.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
I'd like to subscribe to that honeypot's list of sender addresses, putting them on a list of addresses that require authentication before handling their messages.
--
make install -not war
And if I run a spam hole how do I communicate that to my ISP. They will shut me down if I am found to be running an open relay..
Interesting idea, but it's better to just get people to close up their real open holes....their mail servers too..
Spam is of no value to spammers (or anyone else) whatsoever.
;)
Spamming is sold on the hopes and expectations of the vendor/fraud. Either the vendor profits or they don't.
If they don't, there are plenty more idiots looking to get-rich-quick (blame capitalism
Anyone employing a spammer is as guilty as the spammer, and should face the same punishment (torture ideally).
With my own honeypot I was once able to collect 36 million spam mails over a period of four days. That means I have (hopefully) stopped more spam mails than I will receive in my entire life. So I did my share of the spam fighting. And hey, I don't worry about those emails from spammers threatening to kill me.
Do you care about the security of your wireless mouse?
I have added spamhole to the eigenpoll at http://all-technology.com/eigenpolls/spamsoftware/
The result so far is:
Options           Score  Ranked by
sa-exim           0.717  1
Outclass          0.557  1
Mail Scanner      0.518  2
spamprobe         0.41   4
POPFile           0.41   1
SpamBayes         0.387  5
SpamAssassin      0.369  10
Vipul's Razor     0.004  0
Blackmail         0.004  1
bogofilter        0.004  2
Infinospam        0.004  0
Spamthis          0.004  0
Shovel            0.004  0
SpamBouncer       0.004  1
Declude JunkMail  0.004  0
spamhole          0.004  0
The p2p DDoS attack has a beauty about it; I was thinking of the body's own immune system. An antigen is spotted (spam), its location is tagged and then everything piles on to smother, engulf and destroy it. Current solutions always seem to fall into two categories; blacklist the spammer (which isn't working) or clean up the mess he makes before it hits people's inboxes (merely cosmetic) - I'm entirely discounting the whole "Let's redesign the email system" as it'll never work.
People are quite happy to install quasi-legal software such as Kazaa currently. Make it spyware and bundle it with freeware, naked celeb videos and "Click here to install" whatsits on websites. The stupid people click to install the problem, the stupid people then click to zap it.
obviously, I'm not the only one who's noticed the flaws in this idea. That said, I think I've already seen the perfect solution.
It was a few years ago here on Slashdot, and somebody came up with the idea of making e-mail more expensive. For every recipient of every e-mail sent, the server has to perform some calculation sent by the receiving server. For normal e-mail, and even legitimate commercial e-mail, this small calculation isn't a problem.
For spammers on the other hand, those 500 e-mails now take 5 hours to send because of all the calculations the server has to perform. This would make profiting from spam nearly impossible, given its ridiculously low response rate.
Of course the only problem with this solution is getting it implemented. It would require a major modification to the existing e-mail infrastructure, and probably didn't look worthwhile back when spam wasn't as pervasive as it is today.
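The scheme the poster is recalling is a hashcash-style proof of work. The following is an added example to show the cost asymmetry concretely; it is not code from the thread or from any spamhole project. The challenge/difficulty handshake, the SHA-256 stamp layout and the binding of the stamp to the recipient address are assumptions made for the illustration.

```python
"""Hashcash-style proof-of-work stamp: the receiver hands out a challenge and a
difficulty (leading zero bits); the sender must find a counter whose stamp meets
it, once per recipient. Verification costs one hash. Added example; the stamp
format and protocol are assumptions, not any project's real scheme."""
import hashlib
import time


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def stamp(challenge: bytes, recipient: str, counter: int) -> bytes:
    """Stamp = SHA-256 over the receiver's challenge, the recipient and a counter.
    Binding the recipient means a stamp minted for one address is useless for another."""
    data = challenge + b"|" + recipient.encode() + b"|" + counter.to_bytes(8, "big")
    return hashlib.sha256(data).digest()


def mint(challenge: bytes, recipient: str, difficulty: int) -> int:
    """Sender side: brute-force a counter whose stamp has `difficulty` leading zero
    bits. Expected work is about 2**difficulty hashes per recipient."""
    counter = 0
    while leading_zero_bits(stamp(challenge, recipient, counter)) < difficulty:
        counter += 1
    return counter


def verify(challenge: bytes, recipient: str, counter: int, difficulty: int) -> bool:
    """Receiver side: a single hash, whatever the difficulty."""
    return leading_zero_bits(stamp(challenge, recipient, counter)) >= difficulty


def cost_for_recipients(challenge: bytes, recipients, difficulty: int):
    """Mint one stamp per recipient; returns (valid stamps, seconds spent minting).
    The sender's cost grows linearly with the recipient list, the receiver's does not."""
    start = time.perf_counter()
    counters = {r: mint(challenge, r, difficulty) for r in recipients}
    elapsed = time.perf_counter() - start
    valid = sum(verify(challenge, r, c, difficulty) for r, c in counters.items())
    return valid, elapsed


if __name__ == "__main__":
    chal = b"constructed-challenge-0001"  # constructed; a real receiver would use a random per-connection value
    recipients = [f"user{i}@example.invalid" for i in range(5)]
    for diff in (8, 12, 16):
        n, secs = cost_for_recipients(chal, recipients, diff)
        print(f"difficulty {diff:2d}: {n}/5 stamps valid, {secs:.3f}s to mint")
```

Each extra bit of difficulty doubles the sender's work per recipient while the receiver still does one hash per message, which is the asymmetry the poster is after; the open question the poster raises, getting every MTA to speak the handshake, is untouched by the code.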
Sending spam is legal, ethical, and basically a good thing
you're absolutely correct. Use the spamnet to gather potentially dangerous IPs and then distribute them. Allow the mail server admin to decide what to do with the information. P2P model would allow a large net to be thrown and then also prevent a single attack point for those wishing to stop the distribution of the list.
I don't see why they don't target the businesses employing spammers, they're easy to find and most of them (unlike the spammers) are in the US. Make it illegal to use spam, and no one will employ spammers. This feels so obvious it's probably already been mentioned mind you, or shot down.
...at least the one I set up does. Try mail.koralta.com, I have it set up with an open relay. However, nothing is really relayed. What does happen is a parse of the messages to sift out IP addresses. The injecting IP address and the IP of any http references are automatically sent to ORDB and abuse departments of the upstream ISPs. The kill ratio is fantastic. Here is the problem. I had to throttle back on the reports because it just became ridiculous. There was more mail created by the system of reporting than there was by the spammers. It really is just a cat and mouse game. So far though, I've had my share of mice. :D
Using "spampot" my only messages:
data/spampot/2003-08# more new/1061044*
new/1061044252.1681_0001.eternal
SMTP-Date: Sat Aug 16 16:30:52 2003
SMTP-Sock: XXXXX:125
SMTP-Peer: 195.228.253.44:27125
SMTP-Hello: 195.228.253.44
SMTP-Mail-From:
SMTP-Messages-This-Connection: 0
SMTP-Rcpt-To:
SMTP-Rcpt-To:
SMTP-Rcpt-To:
SMTP-Rcpt-To:
SMTP-Rcpt-To:
SMTP-Rcpt-To:
SMTP-Rcpt-To:
Message-ID:
To:
From:jackbran3@hotmail.com
Subject: group4 is all over
Date: Sat, 16 Aug 2003 09:51:58 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
049057053046050050056046055053046049053048
new/1061044303.1681_0002.eternal
SMTP-Date: Sat Aug 16 16:31:43 2003
SMTP-Sock: XXX:125
SMTP-Peer: 195.228.227.189:2475
SMTP-Hello: 195.228.227.189
SMTP-Mail-From:
SMTP-Messages-This-Connection: 0
SMTP-Rcpt-To:
SMTP-Rcpt-To:
SMTP-Rcpt-To:
SMTP-Rcpt-To:
SMTP-Rcpt-To:
SMTP-Rcpt-To:
SMTP-Rcpt-To:
Message-ID:
To:
From:aliciadbethel@acmemail.net
Subject: group4 is all over
Date: Sat, 16 Aug 2003 09:52:50 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
049057053046050050056046055053046049053048
----
So actually they check if the server works correctly... BTW the attached example shows that they:
1. Searched for a simple proxy
2. Tried to connect to smtp servers in the same subnet from the proxy
so actually they don't want to find "open" relays but "semi-open" relays, and those relays are not banned by most of the antispam lists (to reduce the number of false positives)
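The two posts above describe the same operator task from two ends: the mail.koralta.com poster sifts the injecting IP and the IPs of any http references out of what the relay receives, and the spampot poster shows what a probe record looks like. As an added example (not spampot's, spamhole's or either poster's code), here is a parser for records in the layout the spampot post shows. It pulls out the peer address, the recipient count, any hosts referenced by http:// links in the body, and decodes a body that is nothing but three-digit decimal ASCII codes, which is what the probe bodies in the post consist of. The sample capture is constructed after the post's layout; the Mail-From and Rcpt-To values (elided in the post) and the third record are made up, and the header names are taken from the post.

```python
"""Parse spampot-style capture records and summarise what a honeypot operator
would report on. Added example; the capture below is constructed, modelled on
the record layout in the post, with made-up addresses where the post elides them."""
import ipaddress
import re

FILENAME_RE = re.compile(r"^new/\S+\.eternal$")
HEADER_RE = re.compile(r"^([A-Za-z][\w-]*):\s*(.*)$")
HTTP_HOST_RE = re.compile(r"https?://([^\s/:]+)", re.IGNORECASE)
DECIMAL_ASCII_RE = re.compile(r"^(?:\d{3})+$")

SAMPLE_CAPTURE = """\
new/1061044252.1681_0001.eternal
SMTP-Date: Sat Aug 16 16:30:52 2003
SMTP-Peer: 195.228.253.44:27125
SMTP-Hello: 195.228.253.44
SMTP-Mail-From: probe@example.invalid
SMTP-Rcpt-To: a@example.invalid
SMTP-Rcpt-To: b@example.invalid
Subject: group4 is all over
Content-Type: text/plain;
 charset="Windows-1252"
Content-Transfer-Encoding: 7bit
049057053046050050056046055053046049053048
new/1061044303.1681_0002.eternal
SMTP-Date: Sat Aug 16 16:31:43 2003
SMTP-Peer: 195.228.227.189:2475
SMTP-Hello: 195.228.227.189
SMTP-Mail-From: probe@example.invalid
SMTP-Rcpt-To: a@example.invalid
Subject: group4 is all over
Content-Transfer-Encoding: 7bit
049057053046050050056046055053046049053048
new/1061050000.1681_0003.eternal
SMTP-Peer: 203.0.113.9:4000
SMTP-Hello: mail.example.invalid
SMTP-Mail-From: promo@example.invalid
SMTP-Rcpt-To: c@example.invalid
Subject: constructed record with a link in the body

Buy now at http://198.51.100.7/offer or http://shop.example.invalid:8080/x
"""


def parse_records(text):
    """A record starts at a maildir-style file name. Header lines (`Name: value`)
    follow until a blank line or the first non-header line; the rest is body.
    SMTP-Rcpt-To repeats, so it is collected as a list; folded lines are skipped."""
    records, rec, in_headers = [], None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if FILENAME_RE.match(line):
            rec = {"file": line, "headers": {}, "rcpt_to": [], "body": []}
            records.append(rec)
            in_headers = True
            continue
        if rec is None:
            continue
        if in_headers:
            if line == "":
                in_headers = False
                continue
            if line[0] in " \t":          # folded continuation, e.g. the charset line
                continue
            m = HEADER_RE.match(line)
            if m:
                name, value = m.groups()
                if name.lower() == "smtp-rcpt-to":
                    rec["rcpt_to"].append(value)
                else:
                    rec["headers"][name] = value
                continue
            in_headers = False            # first non-header line opens the body
        if line:
            rec["body"].append(line)
    return records


def peer_ip(rec):
    """SMTP-Peer is `ip:port`; the IP is the injecting host."""
    return rec["headers"].get("SMTP-Peer", "").rsplit(":", 1)[0] or None


def decode_decimal_ascii(text):
    """A body of three-digit groups is decimal character codes; return the text if
    every group is printable ASCII, else None."""
    if not DECIMAL_ASCII_RE.match(text):
        return None
    chars = []
    for i in range(0, len(text), 3):
        code = int(text[i:i + 3])
        if not 32 <= code < 127:
            return None
        chars.append(chr(code))
    return "".join(chars)


def referenced_hosts(rec):
    """Hosts named in http:// or https:// references anywhere in the body."""
    return [h for line in rec["body"] for h in HTTP_HOST_RE.findall(line)]


def shares_prefix(ip_a, ip_b, bits=16):
    return ipaddress.ip_address(ip_b) in ipaddress.ip_network(f"{ip_a}/{bits}", strict=False)


def summarize(text):
    """One row per record: who injected it, how many recipients, decoded probe
    bodies, linked hosts, and whether a decoded address sits in the peer's /16."""
    rows = []
    for rec in parse_records(text):
        peer = peer_ip(rec)
        decoded = [d for d in map(decode_decimal_ascii, rec["body"]) if d is not None]
        probes = []
        for d in decoded:
            try:
                ipaddress.ip_address(d)
                probes.append(d)
            except ValueError:
                pass
        rows.append({"file": rec["file"], "peer": peer, "hello": rec["headers"].get("SMTP-Hello"),
                     "rcpt_count": len(rec["rcpt_to"]), "subject": rec["headers"].get("Subject"),
                     "decoded": decoded, "hosts": referenced_hosts(rec),
                     "probe_same_net": bool(peer) and any(shares_prefix(peer, p) for p in probes)})
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_CAPTURE):
        print(row)
```

Run against the post's own body value, `decode_decimal_ascii` yields an address in the same 195.228.0.0/16 as the two peers, which matches the poster's reading that the probe targets SMTP servers near the proxy; the `probe_same_net` flag is how the summary surfaces that.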
If you want to get fancy, you can also do a couple of hits on any URL mentioned in the email - you shouldn't robo-complain, because spammers often put real email addresses in the spam as well, but it gets a bit of bandwidth drain, exercises all the URLs that the spammer might be getting clickthrough from (which is likely to get the clickthrough vendor to stop paying the web site or spammer), and generally shakes things up a bit.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
BAN deer hunting licenses. Issue spammer hunting licenses instead.
Tell everyone that there's no limit.
Tell everyone that the season just opened.
Spam will vanish in about a month.
Shoot the damn spammers
If spamming is illegal, then surely paying someone to spam is equally illegal?
If you get one or two emails within a configurable time frame (1 minute? 30 seconds?) the email goes through. If all SMTP ports were "honeypots" as such... perhaps the quantity of spam would drastically drop.
And, as a previous poster pointed out.. then you'd have all shards of glass looking for an SMTP port/service that wasn't so modified.
(That and I've always been partial to Mr. Gates' one spam-fighting idea.. delay sending of any one email by 3-5 seconds. Trying to send a million spam then becomes kind of a bitch.)
www.spamhole.net is blocked by SurfControl. I just found that out this morning (the day this story posted) when I tried to go there.
Stuff like that makes me wonder how quickly one could get blacklisted for actually using the software.
Just because it CAN be done, doesn't mean it should!
a) It is 100% likely that whoever wrote this CGI banger was just crafting a POST request and sending it... and that's it. No amount of checking environment variables or what have you can catch that, as the entire transmission can be faked by watching what a real web browser would send (including session cookies).
b) Thus, the only way to prevent formmail from being abused is to make sure that the form fields should be treated as completely hostile, and the email should be recrafted explicitly to contain it. If you are expecting UTF-8 input on your fields, you should ensure you use a MIME-multipart mail format and set the appropriate encodings to prevent misinterpretation/errors in the client (cough Outlook cough). Otherwise make it all US-ASCII and strip out control characters or ones with special meaning from each form field.
c) Log. Log everything. Make the script rate limit itself too... there's always the possibility of DoS.
Fuck Beta. Fuck Dice
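Points (b) and (c) of the post above, as an added example of a form-to-mail handler rebuilt the way the poster describes: every form field is treated as hostile, the message is composed from scratch with a hard-coded destination, header-bound fields that contain a line break are refused rather than folded, control characters are stripped, the body is handed to a MIME builder that picks the encoding, and every attempt is logged and rate limited per client address. This is not FormMail, nor the poster's script; the field names, the owner and sender addresses and the rate-limit numbers are assumptions for the illustration.

```python
"""Hardened form mailer: rebuild the message, never copy a form field into a
header verbatim, log every attempt, rate limit per client. Added example; the
addresses, field names and limits are constructed for the illustration."""
import re
import time
from collections import defaultdict, deque
from email.message import EmailMessage

OWNER_ADDRESS = "owner@example.invalid"   # fixed destination; never taken from the form
FORM_SENDER = "webform@example.invalid"   # fixed From; the visitor only ever gets Reply-To
MAX_FIELD = 200
# control characters except TAB (0x09), LF (0x0a) and CR (0x0d), which are handled separately
CONTROL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")
ADDRESS_RE = re.compile(r"[^@\s<>,;]+@[^@\s<>,;]+\.[^@\s<>,;]+")


def header_safe(value, max_len=MAX_FIELD):
    """Header-bound fields are one line. A CR or LF is a header-injection attempt
    (smuggling extra Bcc:/To: lines), so the submission is rejected rather than
    quietly folded; remaining control characters are stripped."""
    if "\r" in value or "\n" in value:
        raise ValueError("newline in header-bound field")
    value = CONTROL_RE.sub("", value).strip()
    if len(value) > max_len:
        raise ValueError("field too long")
    return value


def body_safe(value):
    """The body may span lines; other control characters are removed."""
    return CONTROL_RE.sub("", value.replace("\r\n", "\n"))


def build_message(fields, sender_ip):
    """Compose the mail from scratch; a visitor-supplied address only becomes Reply-To
    after it passes a shape check. set_content picks charset and transfer encoding."""
    msg = EmailMessage()
    msg["To"] = OWNER_ADDRESS
    msg["From"] = FORM_SENDER
    msg["Subject"] = "[webform] " + header_safe(fields.get("subject", ""))
    reply_to = header_safe(fields.get("email", ""))
    if reply_to:
        if not ADDRESS_RE.fullmatch(reply_to):
            raise ValueError("malformed reply address")
        msg["Reply-To"] = reply_to
    msg.set_content(f"Submitted from {sender_ip}\n\n{body_safe(fields.get('message', ''))}")
    return msg


class RateLimiter:
    """Sliding window: at most `limit` submissions per `window` seconds per client IP."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, ip, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits[ip]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def handle_submission(fields, sender_ip, limiter, log, now=None):
    """Return the message for the MTA, or None when refused. Every attempt is
    logged, a rejected one with its raw fields, so abuse can be analysed later."""
    if not limiter.allow(sender_ip, now):
        log.append(f"{sender_ip} rate-limited")
        return None
    try:
        msg = build_message(fields, sender_ip)
    except ValueError as exc:
        log.append(f"{sender_ip} rejected ({exc}): {fields!r}")
        return None
    log.append(f"{sender_ip} accepted subject={str(msg['Subject'])!r}")
    return msg


if __name__ == "__main__":
    log, limiter = [], RateLimiter(limit=3, window=60)
    ok = handle_submission({"subject": "hi", "email": "v@example.invalid", "message": "hello"},
                           "198.51.100.5", limiter, log)
    bad = handle_submission({"subject": "hi\r\nBcc: victim@example.invalid", "message": "x"},
                            "198.51.100.5", limiter, log)
    print(ok.as_string() if ok else "refused", "\n", "refused" if bad is None else bad, "\n".join(log))
```

Refusing rather than cleaning a header field with a line break is the design choice that matters: a stripped newline still leaves the attacker's extra header text in the subject where it is harmless, but refusing also produces a log line that tells you the form is being probed.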
Have a phony account or two on your system whose email addresses you post on the web and Usenet; use these email accounts to gather spam to run through SpamAssassin to make its filter better.
Filter all cable and ISP customer IPs. This would be much easier if the stupid providers reverse-DNSed their IPs in a reasonable way.
Bad Name:
blabla.cable.east.comcast.com
blabla.dsl.sf.pa
Good Name:
blalbla.east.cable.comcast.com
blabla.sf.dsl.p
Spam Can
It gobbles up any e-mail sent on port 25 and logs everything from the e-mail itself, all the headers and the originating IP. It doesn't care where the e-mail claims it's coming from or where it's supposed to go.
I'm not sure why this is an "open" project since Spam Can was thrown together in VB in about an hour. The most difficult part was getting it to go to the system tray.
The obvious problem is that you can't run this and a real mail server at the same time. And real mail servers (like Mercury Mail) can already do catch alls.
And if you're not running a real e-mail server, why run a fake one to waste your own bandwidth? Good luck convincing millions of people to run these (without having a tell that spammers can look for) making looking for open relays not feasible.
Spammers also already know right where to get a valid relay; They get a nice e-mail from the infected machine.
Ben
Work Safe Porn
blocking SMTP traffic going elsewhere than their own mail server etc.
I guess that means if I have a webhost I can't use their SMTP server to send mail for my domain. Especially considering my ISP has a crap SMTP mail server (as we speak Adelphia's SMTP will only let you send to the adelphia domain).
So what? The spammer could just send a few hundred spams before the actual test message. if the Test Message does go through, so do hundreds, or even thousands, of SPAMs. If it doesn't go through then the spammer gives up on that relay.
This is the most pointless anti-Spam system ever. In fact, it's worse than nothing. If everyone was running these things then spammers would have an infinite supply of 'soft' open relays they could use to send hundreds of messages through!
Besides, most Spam is sent through open proxies, not relays now, and hacked machines.
autopr0n is like, down and stuff.
The spamhole could use a combination of Bayesian filtering with Hidden Markov Models to renumerate potential test addresses with exponentially decreasing returns, such that the k-tuple value Z1 was never equal or above the Nth degree of reductionist SPAM (SPre). This would thus allow network strategists to implement a theory-based approach to network spam usage, thus continuing ad infinitum the ARMS RACE.
too much work. what we need is a crazy person to start hunting spammers. crazy person to find alan ralskys kids swinging on the playground and take them out.
write your congressman. demand that they define a spammer as sub-human. then we can all go hunting. would be so much fun.
I have a web-form and use a simple PHP script that is hard coded to go through my mail server and my mail server requires a valid POP3 login from the username you plan to send e-mails with prior to being able to send e-mails with it. You get a short window of time once validated and even then you must send the e-mails from the same IP that validated the user name. So you can't figure out what e-mail address is being used, send a message from the form and then spam away with that e-mail address remotely.
And on top of that the function that sends the e-mail is separate from the POP3 function, so even if you managed to figure out how the script works, you still couldn't abuse it in any way, shape or form. All the security depends on the mail server itself.
And then from my form the script that uses the SMTP/POP3 script can only send messages to a single hardcoded address. It also can't do BCC or CC's. I'm considering doing an anonymous e-mailer with it but I need to work out details before jumping off that cliff.
"that was an extra the customer had to pay for"
That should be an extra the customer has to pay to get ACCESS to. You should be logging regardless. It's just diskspace and if the customer isn't paying you can clear the old logs on a X day basis if nothing exciting is happening.
Setting up a secure form mailer is ridiculously easy. And with PHP I can use my script anywhere. I don't need to set up funky permissions. I don't know what formmail is doing that could possibly allow it to be hacked in such a way that an attacker couldn't just go right to the mail server and accomplish.
Currently, my log analyzer is custom made and logs all formmail attempts sorted by IP. It used to be pretty bad. So much so that I reported a number of people. That's died down now though since they've finally realized I don't have formmail on my server in any form. I don't even have Perl installed on my server anymore. PHP only.
Ben
Work Safe Porn
I've noticed a massive increase in the amount of Spam I've been getting in the past month or so, I guess in preparation for the "holiday season" or maybe the email apocalypse has finally come?
autopr0n is like, down and stuff.
The people doing Spam these days aren't stupid, which for some reason a lot of people seem to think. People shouldn't bother to come up with anti-Spam systems if they can figure out an easy way to counter this. The way to counter this is super-easy:
Send one thousand spams, and then one test message. If you don't get the test message, then it's a fake relay. If you do, then you've just successfully sent a thousand spams! I mean, come on. This system would have to at the very least allow one Spam message to get through.
And in any event, most spammers use open proxies now, not open relays. This might have done something if it were implemented in 2000, but now it's useless.
autopr0n is like, down and stuff.
My fear would be a spammer (Spammer A) getting this, modifying it to not only block, but also log all of the e-mail addresses that the spammer (Spammer B) is trying to send to. Then, bam - Spammer A has just quadrupled his spam list.
You run the spamhole or whatever on port 25 and run the mail server on port 26. The spamhole does its custom checking and logging while forwarding everything to your actual mail server. Outside it's completely transparent. I use RinetD to allow my mail server (coloed at a second ISP) to work on 2 ports to get around my home ISP's port 25 block.
But yes, I've done such a project myself and it is really quite pointless. There's nothing it can do that my mail server can't handle itself. And I don't have a second system running 24/7 that would be worth putting my SpamCan on to see if people are attempting to use my system as a relay.
Highly unlikely considering the entire residential Cox network has outgoing port 25 blocked and I'm sure spammers are aware of that.
Ben
Work Safe Porn
Wow, the throw-away, automatically generated Hotmail account that the spammer checked once and forgot about. I bet you sure would feel special knowing that!
autopr0n is like, down and stuff.
For X-Mas sake! Just declare all SPAM a terrorist attack designed to make all people in America angry and disgruntled. Then sic John Ashcroft on the spam bastards - they'll be destroyed in a week...
Hormel should be happy, as it applies to both UCE and SPAM lunch meat.
autopr0n is like, down and stuff.
There would be a lot of collateral damage, and it would probably throw the Bush admin into a hissy fit. A conventional bomb would be fine for blowing up a house. You would need a pretty big one, though.
autopr0n is like, down and stuff.
The whole "honeypot" idea isn't exactly new but for those that haven't considered the implications of setting something like this up--it may not be a good idea to do it on your current mail server. While it will catch spammers, it will also get you on open relay lists and suddenly a lot of your outgoing mail may never reach the recipient due to anti-spam measures that many sysadmins place on their servers.
Now if you have a static IP that you don't mind tainting, go for it!
Be vewy vewy quiet... I'm busy hunting spammers.
This seems to be a good idea, and while I would love to do it, I'm already running a mail server.
Is there any way that those of us that already have a MTA running on port 25 can run this too?
thx
I run my own mail server (sendmail currently, postfix when I get around to it). I create a virtual user whose name represents the site/mailinglist/newsgroup/etc I'm giving my email address to. I have over a hundred such users at the moment. For example, if I'm signing up for a newsletter at xyz.com, I create a virtual user like alan.xyz.com@mydomain.net. In this manner, I still get my newsletters and all is well. If they sell my address, or if my address is compromised in any way and I start receiving spam addressed to alan.xyz.com@mydomain.net, I know who the spammer got it from. From here, I can either create a new virtual user, update my preferences and continue to receive their newsletter, or (more likely) just nuke the virtual user and be done with it. No more spam.
I do have a real email address. I deny all by default, and only allow specific whitelisted senders through (friends, family, coworkers). If somebody sends me email to my real address, and they aren't whitelisted, a reply is generated that politely directs them to a form on my website. They fill out the form letting me know who they are. If I deem them worthy of sending me email to my real address, I add them to my whitelist. My own email address is not whitelisted. This prevents spammers from using my address in the FROM: field in an attempt to circumvent the system I have in place. If I need to send myself something, I do it from another virtual user.
If a whitelisted individual keeps abusing me (constant virus warnings come to mind) I just remove them. Ditto if some worm is going through their address book. If this happens, I create a virtual user just for them and let them know that this is the address they have to use if they want to email me. If their machine gets compromised again, I just nuke the virtual user and create another one for them.
I haven't seen spam in ages. The beauty of using virtual users is that all email is delivered to one place. It makes creating rules that organize my mail easier as well. Currently, I have to edit /etc/mail/virtusertable every time I need to add another virtual user. If I ever get the time, I'd like to create/implement (is there one already written?) a nice web interface that allows myself and others to manage their virtual users. As it stands right now, only two of us do this on our mail server as root privileges are required. The other users in the 75+ domains we host would probably love this.
Anyway, that's what I do. I've been spam free for quite a while now. This doesn't address bandwidth issues with spammers attempting to use my mail server as an open relay or attempting to send email to users that don't exist, but it has kept my inbox free of spam. Would educating the public be a better solution to spam? Probably, as spammers' profits dwindle. Unfortunately, I have neither the time nor the desire to start any sort of information campaign. This simple technical solution works and only took a couple of hours to set up.
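The bookkeeping behind the tagged-address scheme described above, as an added example; it is not the poster's setup. It parses a sendmail-style virtusertable (`virtual-address<TAB>local-user`, one per line), mints a new tagged address for a site, and, given the envelope recipients of a spam, names which site leaked each address and emits the table lines that retire it. The domain, mailbox name and table contents are constructed; the `error:nouser` right-hand side is sendmail's documented way to reject an address in virtusertable.

```python
"""Tagged-address bookkeeping for one real mailbox: one virtual address per site,
so a leaked address names the leaker. Added example with constructed data."""
import re

DOMAIN = "mydomain.net"   # constructed
REAL_USER = "alan"        # constructed; the local user every tagged address maps to

SAMPLE_VIRTUSERTABLE = """\
# constructed sample: one line per place the address was handed out
alan.xyz.com@mydomain.net\talan
alan.newsletter.example@mydomain.net\talan
alan.friend.bob@mydomain.net\talan
"""


def parse_virtusertable(text):
    """Map virtual address -> local user, ignoring comments and blank lines."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, user = line.partition("\t")
        table[addr.lower()] = user.strip()
    return table


def tagged_address(site, user=REAL_USER, domain=DOMAIN):
    """alan + 'xyz.com' -> alan.xyz.com@mydomain.net; anything odd in the site name is squashed."""
    tag = re.sub(r"[^a-z0-9.-]", "-", site.lower()).strip(".-")
    return f"{user}.{tag}@{domain}"


def virtusertable_line(address, user=REAL_USER):
    return f"{address}\t{user}"


def source_of(address, table, user=REAL_USER):
    """Which site was this address given to? None if it is not one of ours
    (a dictionary attack on the domain, for instance)."""
    address = address.lower()
    if address not in table:
        return None
    local = address.split("@", 1)[0]
    return local[len(user) + 1:] if local.startswith(user + ".") else local


def triage(recipients, table):
    """For the envelope recipients of a spam: (sites that leaked, unknown addresses,
    virtusertable lines that retire each leaked address with a bounce)."""
    leaks, unknown, retire = [], [], []
    for r in recipients:
        src = source_of(r, table)
        if src is None:
            unknown.append(r)
        else:
            leaks.append(src)
            retire.append(f"{r.lower()}\terror:nouser No such user")
    return leaks, unknown, retire


if __name__ == "__main__":
    table = parse_virtusertable(SAMPLE_VIRTUSERTABLE)
    print(virtusertable_line(tagged_address("New Shop.example")))
    print(triage(["alan.xyz.com@mydomain.net", "bogus@mydomain.net"], table))
```

After editing the table, sendmail still needs its database rebuilt (`makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable`), which is the root step the poster mentions; the script only produces the lines.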
There's going to be some arms race with the spamware vendors, but running a zero-message threshold is good enough for a lot of the spammers today, and running a one-or-few-message threshold is good enough for a lot more, and unless spamholes become much more prevalent than genuine open relays, that's enough to kill most of the anklebiters and discourage some of the big vendors.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I don't think this will do much good by itself, but I can think of three things that would make it work much better:
1. Combine it with a proxypot so it looks like there is an entire network of open mail servers out there.
2. Involve legal authorities in designing the tools so the tools provide enough logging to result in a slam-dunk conviction of the spammers.
3. Work with said legal authorities to have the spammers arrested.
Unauthorized use of mail and proxy servers is illegal. The problem is collecting enough evidence. A combined mail and proxy server system could probably do that. Also, involvement of law enforcement could get one a special IP allocation that doesn't mind being blacklisted. [You DO want the honeypot servers blacklisted, after all: it will make them look more like the real thing.]
An engineer who ran for Congress. http://herbrobinson.us
If nobody bought anything advertised by spam, then folks wouldn't even use it. The fact that it exists tells me that somebody, somewhere, sent off money or value enough to fund the spam generated.
STOP IT!
1. Never ever buy anything from a spammer, and let all your friends know it.
2. Set up open relays that modify the messages sent by them at random intervals. Insert an educational advertisement letting the recipient know that purchasing anything advertised by unsolicited email is evil, and that they screw it up for themselves and the rest of us when they do.
*whup* "Get along, little electrons. Heeyah!"
You could apply the same kind of technique to spamhole - adding one second of delay per message to your SMTP responses is enough to drop a bunch of 3KB spams to about 24kbps (and almost all the bandwidth is inbound, so if you're on ADSL or cable modem with a slower upstream, it won't bother you, unlike a _real_ open relay which would be transmitting N copies of spam for each N-recipient message received.) More delay -> Lower bandwidth!, and you're wasting the spammer's time. You'd probably be better off adding a bunch of sub-second waits during the session rather than one long wait, in case it's checking for timeouts, or if you want to get fancy, don't do the waiting phase when you're giving the spammer their one free test message.
Bill Stewart
Open relays are an advantage to the spammer because they can dump one copy of the message with lots of addresses to the relay and have _it_ expand them out to all the recipients, so they get a big multiplier effect as well as a layer of obfuscation. But if you only relay one message per spammer, there's no big multiplier effect, so there's not a lot of point in using a relay, and there's not significantly more spam in the world than if you didn't relay any. On the other hand, if you relay one or two messages and silently eat 100,000 more, there's lots less spam in the world.
And if your fake relay includes a bit of delay, say one second before responding to some of the messages, that spam will take a lot longer for the spammer to send out, reduce your bandwidth load, and (if you're tracing and robo-complaining to the spammer's ISP), give you longer to trace them before they vanish.
Bill Stewart
This might slow spam, but it could easily increase spam even more. Every geek with a delusion that he's a bad-ass hacker would start trying to frame his enemies as spammers.
I wish it was as simple as intimidating spammers with the long arm of super techno-ninjas who would spike their Mountain Dew with rat poison. And said solution does have a really satisfying visceral feel. But like many things, it would be ruined by friendless queebs trying to turn it to unintended uses.
Anyway, shouldn't we save our true fanatics for attacks on the checkpoints around SCO headquarters?
Greg
Start a happiness pandemic
The ISPs that did this were trying to find anybody using SMTP at all, because that might be a *business*, and therefore should be paying them *much* more money than a home user, just as a few of the worst greedy cable modem companies blocked VPNs, and most of them block web servers because those might actually *gasp* use bandwidth. DSL providers that aren't run directly by local telcos are less likely to be that stupid, and some DSL providers have the clue that "Of *course* we'll let you do lots of interesting things with your bandwidth, that's why you're buying DSL."
Even @Home's employees mostly realized that Napster was one of the big reasons people bought broadband, so while their official corporate mantra was "Napster .. Bad... Destroy!", they were happy that it was around.
Bill Stewart
Yeah, "I know how to stop spam - set up open relays! Only they aren't open relays! And the spammers never know! They'll never know! Because we don't tell them! So they never know! And they keep trying to send spam, and it doesn't work! My sides hurt, I am giddy with inspiration!"
No, you are giddy from lack of oxygen. That is similar to letting people steal from you, so you can catch thieves the next time they steal from you. Kind of stupid, if you think about it for a second or two. A much better idea would be to block open relays, and automatically block emails with random chars, Viagra, or "Remember me?" as a subject. Maybe include the words mortgage, pay, party, naked, sluts, girls, offer, free, special, ........., in the block list.
Seriously, who sends a legitimate email that has the word Viagra in the subject? Not even Viagra salesmen, I'll bet.
Unfortunately, there's some negative feedback here, because the kinds of people who'd run Linux and especially who'd run interesting applications like this one and who like attacking spammers tend to get their ISP service from clueful ISPs that are going to detect this kind of problem and work quickly to shut down spammer tools... The kinds of ISPs who don't care about it are usually the kind that you don't want to bother dealing with if you're more than a couch potato.
Bill Stewart
Maybe you spend some time detecting timeouts and avoiding hosts that don't respond quickly, but you can't overdo that or everybody will add that to their SMTP servers to discourage spammers. But even adding a second of delay at the end of a message is enough to crank your bandwidth drain down a lot and slow down the spammer's average load. And if the spammer is getting a 10:1 multiplier by feeding your relay 10 recipients per message, they won't be surprised if you're only accepting incoming spam at 10-12kbps because that'll fill up your average cable modem or ADSL upstream, and it'll happen by adding random delays to the response time. So go ahead and add a bunch of 100-200ms delays per packet (especially per RCPT TO or per line of message body, since SMTP handles data a line at a time.) If you want to add a bunch of longer delays, see how much you can get away with.
Bill Stewart
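The two ideas in Bill Stewart's comments above (relay only the spammer's first test message and silently eat the rest, and stall with many sub-second delays per RCPT TO and per body line rather than one long pause that a timeout check would catch) combined into one small fake relay. This is an added example, not the spamhole project's code. The banner, the 150 ms step delay and the one-free-message count are assumptions, and the single free message is handed to a caller-supplied callback rather than actually forwarded. The SMTP handling is a line-oriented state machine so the policy can be checked without sockets; the asyncio part at the bottom turns it into a real listener.

```python
"""Spamhole sketch (added example, not the spamhole project's code): a fake
open relay that forwards one test message per client IP, silently eats every
message after it, and stalls the spammer with sub-second delays per RCPT TO
and per body line.  Banner, delay and free-message count are assumptions."""
import asyncio
from collections import defaultdict

FREE_MESSAGES = 1     # assumption: messages really forwarded per client IP
STEP_DELAY = 0.15     # assumption: seconds stalled per RCPT TO / body line
BANNER = "220 mail.example.org ESMTP Sendmail 8.12.9/8.12.9; ready"  # assumption


class RelayPolicy:
    """Per-client-IP counter; only the first FREE_MESSAGES are relayed."""

    def __init__(self, free_messages=FREE_MESSAGES):
        self.free_messages, self.accepted = free_messages, defaultdict(int)

    def is_free(self, ip):
        return self.accepted[ip] < self.free_messages

    def record(self, ip):
        self.accepted[ip] += 1


class SpamholeSession:
    """SMTP state machine: feed(line) -> (reply or None, seconds to stall)."""

    def __init__(self, client_ip, policy, forward):
        self.ip, self.policy, self.forward = client_ip, policy, forward
        self.relayed = self.eaten = 0
        self._reset()

    def _reset(self):
        self.sender, self.rcpts, self.body, self.in_data = None, [], [], False

    def feed(self, line):
        # No stall while the client is on its free test message, so the relay
        # looks fast and real; stall every RCPT and every body line afterwards.
        stall = 0.0 if self.policy.is_free(self.ip) else STEP_DELAY
        if self.in_data:
            if line == ".":
                return self._end_of_message(), 0.0
            self.body.append(line[1:] if line.startswith("..") else line)
            return None, stall
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return "250 mail.example.org Hello, pleased to meet you", 0.0
        if verb == "MAIL":
            self.sender = arg.split(":", 1)[-1].strip()
            return "250 2.1.0 Sender ok", 0.0
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Need MAIL command", 0.0
            self.rcpts.append(arg.split(":", 1)[-1].strip())
            return "250 2.1.5 Recipient ok", stall
        if verb == "DATA":
            if not self.rcpts:
                return "503 5.5.1 Need RCPT (recipient)", 0.0
            self.in_data = True
            return '354 Enter mail, end with "." on a line by itself', 0.0
        if verb == "QUIT":
            return "221 2.0.0 Closing connection", 0.0
        return "500 5.5.1 Command unrecognized", 0.0

    def _end_of_message(self):
        if self.policy.is_free(self.ip):
            self.forward(self.sender, list(self.rcpts), list(self.body))
            self.relayed += 1
        else:
            self.eaten += len(self.rcpts)  # copies the spammer thinks went out
        self.policy.record(self.ip)
        self._reset()
        return "250 2.0.0 Message accepted for delivery"  # always say yes


async def _handle(reader, writer, policy, forward):
    s = SpamholeSession(writer.get_extra_info("peername")[0], policy, forward)
    writer.write((BANNER + "\r\n").encode())
    while raw := await reader.readline():
        reply, delay = s.feed(raw.decode("latin-1").rstrip("\r\n"))
        await asyncio.sleep(delay)                 # the tarpit itself
        if reply:
            writer.write((reply + "\r\n").encode())
            await writer.drain()
            if reply.startswith("221"):
                break
    writer.close()


async def serve(host="0.0.0.0", port=2525):
    policy, forward = RelayPolicy(), lambda s, r, b: print("relaying", s, r)
    server = await asyncio.start_server(
        lambda r, w: _handle(r, w, policy, forward), host, port)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(serve())
```

Two caveats a practitioner would add before running this on a real address: the free message really does leave your network, so the callback should go through a rate-limited outbound path you control, and the per-IP counter means a spammer rotating source addresses gets a fresh free message each time, which is exactly the "no way to uniquely identify the spammer" objection raised earlier in the thread.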
But if there *were*, you'd *want* to be listed on it so the spammers wouldn't bother you. But then the spammers would guess that you were a Fake Fake Relay, and try out your machines anyway, so you'd need to fake them out again by claiming to be a fake fake fake relay....
Bill Stewart
What if everyone created a hit or two per day to the web site selling the goods. 10x the bandwidth required to keep the site up and no increase in sales. Would waste some of my bandwidth but if we all did it...
I fail to see how setting up fake relays will really cause any prolonged resolution to the "problem".
This is analogous to saying, "Because of all the drunk drivers, let's build more roads!"
Joshua: A strange game. The only winning move is not to play. How about a nice game of chess?
I say we say "fuck it" to email and redesign the whole system. A centralized model, run by the postal service. Thus, the order is restored. The government can impose proper restrictions and regulations, and spammers will be held responsible for their actions. All at the price of a little freedom and privacy that's mostly a farce anyway, considering the FBI spent a little over 500 million on Carnivoring the entire net under the guise of the U.S. Patriot act. Get real people. There's no need to fight. You've been controlled your entire life, and you've never even known it. The solution to spam is simple. More laws, more regulation by the system. Otherwise it's us against them, and it's just soooo inconvenient to have to delete a few spams. As the parent post says, fighting it will just make it worse..
If you are a privacy advocate and you're lazy, you deserve to suffer. If you really value your rights and freedom you have to do something sometimes. In this case, you either fight the spam with local mail filters, live with it, or wait for the government to run the mail service and ban public/private SMTP networking.. This is the only real solution, as the parent poster so eloquently has proven. W.A.S.T.E.
Atollo, #1 Toy for 2003 in Consumer Reports!
#1 Place to Get Atollo:
Cool! Amazing Toys.
And so spammers' automated scanners will.. ignore you because their message doesn't get through. Good for you, idiot.
-- 'The' Lord and Master Bitman On High, Master Of All
This idea won't work. Spam filters don't work. Bayesian spam filters don't work better than most, but they still don't work.
I worked in the research dept. for one of the first companies to offer mail/web filtering products (Content Technologies Ltd.) several years ago; we thought hard about a whole bunch of security issues including filtering. Guess what? It doesn't work!
But stopping spam is really easy provide you forget about this nonsensical idea of filtering. Here's how it should really be done:
By default, don't deliver mails from anyone. Instead, send them a reply with one of those image tests that only humans can decipher. If they pass that (i.e. if they are human), welcome them with open arms; provide them a unique private email address (cryptographic hash) by which they can contact you, that is only for use by them, and not to be distributed (they can give their friends your public address if they need to). If they distribute your private email to the web and you get spam, disallow that hash, and they will have to re-sign up to talk again -- you warned them, right?
The only problem with that is the inconvenience of talking to new people, and that you will need a quick way to create your own hashes for mailing lists and email newsletters, although RSS seems to be taking over for newsletters.
Have I missed anything?
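The "unique private email address (cryptographic hash)" part of the scheme above, as an added example that is not the commenter's code. Once a correspondent passes the human check (assumed to have already happened when issue() is called; the image test itself is out of scope), they get me+<token>@example.org where the token is an HMAC-SHA256 of their address and a per-correspondent generation counter. Mail to the bare public address is always challenged; mail to a tokenised address is delivered only if the token matches the From address at its current generation, and bumping the generation is the "disallow that hash" step. Binding the token to the sender goes a little beyond the comment, which only revokes a leaked hash; it means a harvested address is useless unless the spammer also forges the right From:. Domain, local part and the secret are assumptions, and the same issue() call covers the mailing-list case mentioned next.

```python
"""Per-correspondent private addresses derived with an HMAC.  Added example,
not the commenter's code; domain, local part and secret are assumptions."""
import hashlib
import hmac
from email.utils import parseaddr

DOMAIN = "example.org"   # assumption
LOCAL = "me"             # assumption: the public address is me@example.org
TOKEN_HEX = 16           # 64 bits of token; guessing one is not a realistic attack


class PrivateAddressBook:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.generation = {}   # correspondent -> int, bumped on revoke

    def _token(self, correspondent: str, gen: int) -> str:
        data = f"{correspondent}|{gen}".encode()
        return hmac.new(self.secret, data, hashlib.sha256).hexdigest()[:TOKEN_HEX]

    def issue(self, correspondent: str) -> str:
        """Address to hand to a correspondent (or mailing list) who just
        passed the human test.  Deterministic until revoke() is called."""
        c = correspondent.lower()
        return f"{LOCAL}+{self._token(c, self.generation.get(c, 0))}@{DOMAIN}"

    def revoke(self, correspondent: str) -> None:
        """Invalidate every address issued to this correspondent so far; the
        next issue() for them yields a fresh token."""
        c = correspondent.lower()
        self.generation[c] = self.generation.get(c, 0) + 1

    def classify(self, from_header: str, to_header: str) -> str:
        """'deliver', 'challenge' (send the human test) or 'reject'."""
        sender = parseaddr(from_header)[1].lower()
        rcpt = parseaddr(to_header)[1].lower()
        local, _, domain = rcpt.partition("@")
        base, _, token = local.partition("+")
        if domain != DOMAIN or base != LOCAL:
            return "reject"             # not one of our addresses at all
        if not token:
            return "challenge"          # public address: nobody is trusted
        if not sender:
            return "reject"             # tokenised address needs a From to check
        expected = self._token(sender, self.generation.get(sender, 0))
        # Constant-time compare; a leaked, revoked or forged token fails here.
        return "deliver" if hmac.compare_digest(expected, token) else "reject"


if __name__ == "__main__":
    book = PrivateAddressBook(b"constructed-secret-rotate-me")  # constructed
    addr = book.issue("alice@example.com")
    print("issued", addr)
    print("alice  ->", book.classify("Alice <alice@example.com>", addr))
    print("spammer->", book.classify("bulk@spammer.example", addr))
    print("public ->", book.classify("alice@example.com", "me@example.org"))
    book.revoke("alice@example.com")
    print("revoked->", book.classify("alice@example.com", addr))
```

Because the token is recomputed from the secret, nothing per-correspondent has to be stored except the generation counter for those who have been revoked, which is what makes "a quick way to create your own hashes for mailing lists" cheap: issue() for the list's posting address is all it takes.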
Well, the idea is nice (not new IMHO), but has a big problem: spammers use seeds in their lists (some call them spikes). They put their own email addresses into each list (let's say every 10,000th address is their own) so they know if 1. the list is stolen by another scumbag, 2. they get a "ring" when 10,000 mails are sent.
... ahmm ... spammers :)
By the way, people put their own addresses in customer lists, so when their provider (or whoever else) steals their DB, they know who to go after.
Where do I know it from? I worked for companies involved in spamming - I admit, but I swear I never sent out 1 single spam mail, and I hate SPAM more than
If all mail were required to be PGP encrypted, spam would take a hit.
Consider the CPU power needed to encrypt 10,000,000 mails... costs money.
Many are arguing that spammers will be clever enough to eventually figure out which spamholes are indeed bogus. I think that might be fine. By making them spend the time to find, use, fail and retest you've made their life harder and their spamming more expensive. That's where the victory is, not in any given spammer failing long term.
If spamholes are used en-masse spammers will have to spend increasing amounts of time to find legitimate open relays. This is a similar approach to what the RIAA is doing with seeding P2P networks with trashed files. While once you download a song, you can see it's bad, you become frustrated and the value of the service declines.
We can't keep spam from happening, but we might be able to make it financially and emotionally not worth it. Part of this effort, of course, is educating people not to try it out or using technology to filter it away before some idiot buys herbal viagra. The other part is messing with their technology like this, calling their 800 numbers, pressing lawsuits that cost them attorney fees etc.
It's a guerrilla war, I hope we win.
No, actually you are the one who's stupid. Did you even read this article posted this very day? Spammers don't give a fuck about open relays. These days they are using open proxies and ownzored boxes. This won't cost them any time, and does some of their work for them. If spammers were truly idiots, they would have been stopped by the simplest filters and preventions. God damn it, if any one of us here can think of a work-around, so can the spammers. And plenty of us have.
autopr0n is like, down and stuff.
This sounds a lot like OpenBSD's spamd program. Check out a possible use of it like spamhole.
ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)
SpamHole.com also offers a cool 2 hour temporary email redirecting service. Very useful when signing up for things.
Hacking the Network