Spamholes Fighting Spammers
mike9010 writes "A person named I)ruid has come up with an ingenious way to combat those spammers. His program, spamhole, creates a false 'open relay' that the spammer thinks he/she can send messages through. The messages then get sent nowhere, and the spammer has no idea.
"spamhole is an open project. Hopefully, through users' and developers' contributions, we will amass a collection of spamhole implementations spanning all commonly used platforms, programming languages, etc. Ease of configuration and use are the primary objectives, for the easier to use by the non-technical layperson the implementations are, the more widely adopted and used spamhole will become."
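A minimal version of the sink the summary describes, as an added example that is not spamhole's own code: it answers SMTP commands the way an open relay would, accepts any RCPT TO, and at end-of-DATA reports "queued" while the body is simply discarded. The banner hostname, the log salt and the sample session are constructed for the illustration, and recipients are kept only as salted SHA-256 digests, so the sink's log cannot double as a harvested address list.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed example, not spamhole's code. Hostname, salt and sample session are made up.
ADDR_RE = re.compile(r"<([^>]*)>")   # bare address out of "MAIL FROM:<...>" / "RCPT TO:<...>"
BANNER_HOST = "relay.example.invalid"  # .invalid is reserved and never routable


@dataclass
class SessionStats:
    """Per-client record: counts plus salted digests, never raw recipient addresses."""
    client_ip: str
    messages_discarded: int = 0
    bytes_discarded: int = 0
    recipient_digests: Set[str] = field(default_factory=set)


class SpamholeSession:
    """Replies like an open relay would, then drops every message on the floor."""

    def __init__(self, client_ip: str, log_salt: bytes = b"constructed-salt"):
        self.stats = SessionStats(client_ip=client_ip)
        self.log_salt = log_salt
        self.in_data = False      # True while the client is sending the message body
        self.have_sender = False
        self.rcpt_count = 0
        self.body_bytes = 0
        self.quit = False

    def greeting(self) -> str:
        return f"220 {BANNER_HOST} ESMTP"

    def feed(self, line: str) -> Optional[str]:
        """Handle one client line; returns the reply, or None while inside DATA."""
        if self.in_data:
            return self._body_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {BANNER_HOST} hello {arg.strip()}"
        if verb == "MAIL":
            self.have_sender = True
            self.rcpt_count = 0
            return "250 OK"
        if verb == "RCPT":
            if not self.have_sender:
                return "503 Need MAIL first"
            m = ADDR_RE.search(arg)
            addr = (m.group(1) if m else arg).strip().lower().encode()
            # Any destination is accepted: that is what makes the sink look like an open relay.
            self.stats.recipient_digests.add(hashlib.sha256(self.log_salt + addr).hexdigest())
            self.rcpt_count += 1
            return "250 OK"
        if verb == "DATA":
            if self.rcpt_count == 0:
                return "503 Need RCPT first"
            self.in_data = True
            self.body_bytes = 0
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "RSET":
            self.have_sender = False
            self.rcpt_count = 0
            return "250 OK"
        if verb == "QUIT":
            self.quit = True
            return "221 Bye"
        return "500 Unrecognized command"

    def _body_line(self, line: str) -> Optional[str]:
        if line == ".":
            # End of message: claim "queued", but nothing was stored or forwarded.
            self.in_data = False
            self.stats.messages_discarded += 1
            self.stats.bytes_discarded += self.body_bytes
            self.have_sender = False
            self.rcpt_count = 0
            return "250 OK: queued"
        self.body_bytes += len(line) + 2   # count the CRLF the wire would carry
        return None


def run_session(client_ip: str, lines: List[str]) -> Tuple[List[str], SessionStats]:
    """Drive a whole constructed session and return (replies, stats)."""
    session = SpamholeSession(client_ip)
    replies = [session.greeting()]
    for line in lines:
        reply = session.feed(line)
        if reply is not None:
            replies.append(reply)
        if session.quit:
            break
    return replies, session.stats


# Constructed session in the shape a relay probe would send.
SAMPLE_SESSION = [
    "EHLO probe.example",
    "MAIL FROM:<sender@example.org>",
    "RCPT TO:<victim1@example.net>",
    "RCPT TO:<victim2@example.net>",
    "DATA",
    "Subject: test",
    "",
    "relay test",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    print("\n".join(run_session("192.0.2.10", SAMPLE_SESSION)[0]))
```

Note what the sink cannot do: it has no way to tell a probe message addressed back to the sender from any other message, so a client that mails itself through the sink will see nothing arrive and can conclude the relay is fake; that is the weakness several replies below raise, and no amount of SMTP fidelity in the sink fixes it.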
Spammer will just send email to himself to make sure relay works. The author claims that the defense against this is to allow the spammer limited access in the beginning, but there's no way to uniquely identify the spammer, and in any case, the spammer can just continue to include himself in the mailings, so he'll know when the relay has been configured to deny him access.
This system will only increase the number of open relays out there.
The story of the hare and the briar patch comes to mind. Is this the idea of a spammer who is pleading with us to please not create all these open rel..., er, um, spamholes?
Is this truly the only Earth I can live on?
It's not a cure but it's another small tool which might help a little.
Sig is taking a break!
This is not a bad idea, though it could be abused. However, what the author doesn't seem to realise is that open relays may only account for 25% of spam. The rest comes via open proxies, which mask the connection and mean that the mail server is receiving an SMTP session from a valid IP address. It might help a bit, but at the end of the day the only good solution to fix spammers is to hit them where it hurts: in the pockets.
Of course that is easier said than done
Rus
Cheap UK and US VPS
Just watch the RBLs and ISPs shut down your IP block for having an open relay...
How are they supposed to know the difference between a spamhole and a real open relay?
"Kinky sex involves the use of duck feathers. Perverted sex involves the whole duck." - Lewis Grizzard
I think it will not work for two reasons:
a) as mentioned before, it is easy to probe the hole to make sure it really works.
b) I seriously doubt that the security team of any university and / or company would enable such a hole, because then they might get blacklisted and no more email for them...
I can see this being a great "live" email harvesting tool for some spammers. Set up a spamhole and just sit back and collect the addresses that other spammers try to send to. A good majority of the addresses will be good and you don't even have to waste time harvesting. This could be a windfall for technically savvy spammers with a little time to waste. Good God. Here we go again...
Anthony Papillion
Advanced Data Concepts, Inc.
"Quality Custom Software and IT Services"
For whatever reason you say it, I ask you this: "What solution have you thought about and coded?"
Isn't the spammer going to know that the supposed relay is a spam hole if he includes an account that he accesses on his list and checks to see if he's received a message from himself afterwards?
Stopping spam is never the point of any prudent anti-spam action. Instead, anti-spam actions work by reducing the value of spam to spammers. This can be done by reducing click-through, reducing traffic and filtering that traffic which is out there. Always, spam will get through. The only way to combat spam is to reduce the profit margin and increase the time expense so much that it is worthless, and simply bad business to spam.
#define DRM chmod 000
If you put this on your site, and people complain about those 'let through' spams at the start, your entire netblock will be marked as a spammers' paradise (and rightly so - how can the RBLs tell the difference?). Goodbye email.
...
Some RBLs do not allow changes to be made unless you pay a big fee, and you lose the fee if they consider the complaint genuine.
This sounds really risky to me.
Simon.
Physicists get Hadrons!
Yes, that is true. BUT, it would be quite easy to write a script that sent itself messages through a relay, then when/if the message is received it would start spamming and sending itself a message every 10 or 50 times or so. If messages start getting lost it would mark that relay as dead and move to the next one. After a few people write this script (there are always many) it would work like clockwork and nobody would really even notice it happening. Remember, there is always a work-around.
I see two potential problems with this approach, one more insipid than the other.
Haven't you only succeeded in sponsoring a low-volume spam relay that not only delivers spam, but at such a low per-box rate that no one will ever be the wiser for it?
I see that even on your homepage you mention that a few spam emails might get delivered, but you are acting as a relay for a few spam emails times 50,000. You will eventually get blacklisted via open-relay RBLs.
I think if you sit down for a day and just watch your email logs, you will find that a lot of spammers don't bother to test a connection for open relay status. They just test by pushing as much email through it as they can, as quickly as possible. Daily I have hundreds of attempted mail relay deliveries.
Run an open relay, the ISP detects it, launches nastygrams and prepares to blast your ass to Mars. Complain to the average ISP about the average spammer, and the spammer is still spamming through the same ISP 6 months later. Hmmmm.
Everyone being blacklisted for using this might have the nice side effect of making more effective blacklists :)
And then, as an added bonus, spamhole could be written to watch for these email addresses. Now we've got a real email address for these bastards...
GPL made simple: What was my stuff is now our stuff. If you improve our stuff, please keep it our stuff.
I have to say, if I were a professional spammer I'd be using custom SMTP clients that didn't bother with stuff like "standards" and waiting on long timeouts and resending after a 450. All that matters is getting as much mail out as fast as possible, so just skipping hosts that aren't keeping up at a reasonable level would probably be the best option.
So as the project grows, people will sell lists of these "open relays". This way, spammers can use different SMTP servers to send their mail, making them more difficult to track. A few IPs and a few email accounts to check when the spam hole stops working, and they could actually use these to their advantage.
1) Make a law (if your country doesn't have one already) which makes it illegal to send emails with forged FROM fields (= email addresses you don't own)
And when people violate it, you track them down how, exactly? Please explain.
Slightly improve RFC2821 (smtp)
What you term "slightly improve", I would call "change EVERY mail server and client in the world". Oh, wonderful solution. Even if this was pushed through today, it would take years (at best) to happen. As a much smaller-scale example, all new X.509 CAs that comply with PKIX (the IETF X.509 profile) are supposed to start issuing all their certs with UTF-8 on 1/1/04. This has been a requirement of PKIX since at least 1998. Not one single CA is going to change on the cutoff date. Not one. SMTP is thousands of times more widely used than X.509. You are insane if you think this is technically or politically feasible.
Yes, I know this prevents everybody from having his own pretty little smtp server. No, I'm perfectly well with that. Use a provider.
I am very glad you have no ability to carry out any of these actions.
Well, wouldn't merely locking them out cause mail to bounce?
But this Spamhole thing will at least make the Spam disappear at the first relay. Not bounce back. Not propagate on. It'll reduce some of the overall bandwidth usage.
Plus, from a purely users' PoV, whether it saves bandwidth is irrelevant; but if it manages to reduce the crap that hits their Inbox, then it's a good thing.
The database idea is great in theory, but it does sound similar to blacklists, inasmuch as they have the same three potential problems.
(1) Point-of-origin isn't always clear. And that means that either faked domains or open/cracked mailservers may get added. And once on, sometimes it's hard to get off.
(2) Slightly less major, but there's always the chance that people get erroneously added purposefully - albeit through ignorance/laziness rather than malicious intent.
Especially if it's automatable, people have been known in the past to just flag up certain senders as Spam when it's actually legitimate bulk mail that they just can't be bothered to unsubscribe from.
(3) As problems with the RBLs have shown in recent times, all such a list/database does is provide a central "target" for Spammers to cripple. Unless there was a way of doing the database distributed, they'd just get DDoS'd, and targeted by the latest worm payloads.
It's not that I think the idea itself is bad. Just that current implementations do tend to include rather serious flaws.
Tiggs
"120 chars should be enough for everyone..."
Spam isn't the problem. Fraud is the problem. Legitimate companies don't send spam (or if they do, they usually learn their lesson). What's left is the criminals peddling worthless herbal cures, penis enlarging regimens and committing outright con games like the Nigerian spam. So let's spend a bit more money in the short term on law enforcement. Let's follow the money and put these scumbags in jail. Once the two-bit operators understand the seriousness of their offenses, I think the volume will fall off dramatically.
Ok. So it won't stop the garbage coming from countries too poor or too indifferent to enforce the law, but it would help a great deal.
I'm not a nerd. I'm just here for the free food.
1: They'll get blacklisted.
2: The spammers will eventually be able to find a way to test it first (like they have with everything else.)
3: It'll just suck up bandwidth and dump it to /dev/null.
4: Even if the idea did work in theory, there won't be enough people believing in the idea to make it actually work.
-- I am. Therefore, I think!
Yeah. The address will be ajksajkshs@yahoo.com, now what?
Even if the spamware doesn't detect this now, it will by tomorrow. As a mail admin, I currently use 2 RBL blocklists, + hardcoded addresses for serious offenders telesp.net.br and shawcable.net + Bayesian filter. I still get spam in my inboxes.
Spammers aren't stupid, just evil.
It's been done. The Vipul's Razor portion of SpamAssassin generates signatures from known spam. People feed spam sources into it.
The only problem is that dan@example.com would receive kretiv1y R/\N|)0/\/\][Zed di||erent tipes of spam. Twinkies limes in spain. \/|AGRA \/|AGRA \/|AGRA.
I thought that maybe applying pattern equivalencies, dictionary and grammar checkers to create signatures based upon "real sentences" would improve things, but before I could do it, randomized gibberish like this came out:
danc@example.com would receive kretiv1y R/\N|)0/\/\][Zed di||erent tipes of spam. Spanish onions defeat goliath squirrels. \/|AGRA \/|AGRA \/|AGRA.
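The "pattern equivalencies" idea from the comment above, as an added example that is neither Razor's nor SpamAssassin's code: a hypothetical glyph table folds leet-speak clusters back to letters, and difflib's similarity ratio tolerates whatever noise the table leaves behind, so a lookup that would never match `\/|AGRA` against a plain signature still flags it. The glyph table, the signature list, the threshold and the sample sentence are all assumptions constructed for the illustration.

```python
import difflib
import re

# Constructed glyph table (an assumption, not from the original post). Multi-character
# clusters come first so that "/\/\" becomes "m" before "/\" is turned into "a".
GLYPHS = [
    ("/\\/\\", "m"),
    ("|\\/|", "m"),
    ("|)", "d"),
    ("/\\", "a"),
    ("\\/", "v"),
    ("][", "i"),
    ("|", "i"),
    ("0", "o"),
    ("1", "l"),
    ("3", "e"),
    ("4", "a"),
    ("5", "s"),
    ("7", "t"),
    ("@", "a"),
    ("$", "s"),
]

# Constructed signature list standing in for a shared corpus of known spam terms.
SIGNATURES = ["viagra", "mortgage", "enlarge"]


def normalize(token: str) -> str:
    """Fold leet-speak glyphs back to letters, then keep only a-z0-9."""
    out = token
    for glyph, letter in GLYPHS:
        out = out.replace(glyph, letter)
    return re.sub(r"[^a-z0-9]", "", out.lower())


def best_signature(token: str, signatures=SIGNATURES) -> tuple:
    """Closest signature and its similarity ratio (0..1) for an already-normalised token."""
    best, best_ratio = "", 0.0
    for sig in signatures:
        ratio = difflib.SequenceMatcher(None, token, sig).ratio()
        if ratio > best_ratio:
            best, best_ratio = sig, ratio
    return best, best_ratio


def flag_message(text: str, threshold: float = 0.8) -> list:
    """(raw_token, matched_signature, ratio) for every token that comes close to a signature.

    Scoring per token rather than per sentence is what makes the random filler words
    in the comment's sample ("Twinkies limes in spain") harmless to the match.
    """
    hits = []
    for raw in text.split():
        norm = normalize(raw)
        if not norm:
            continue
        sig, ratio = best_signature(norm)
        if ratio >= threshold:
            hits.append((raw, sig, round(ratio, 3)))
    return hits


# Constructed sample in the style of the comment above.
SAMPLE = ("dan@example.com would receive kretiv1y R/\\N|)0/\\/\\][Zed di||erent tipes of spam. "
          "Twinkies limes in spain. \\/|AGRA \\/|AGRA \\/|AGRA.")

if __name__ == "__main__":
    for raw, sig, ratio in flag_message(SAMPLE):
        print(f"{raw!r:>12} -> {sig} ({ratio})")
```

The table only covers glyphs someone has already seen; a token built from a substitution not in the table still slips through, which is the comment's point that the obfuscation moves faster than the signatures. The fuzzy ratio buys a little slack (`v1agra` scores 0.833 against `viagra` after the `1` is folded to `l`), not immunity.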
I'll keep saying it -- spam is not a technical, political, social, spiritual, or financial issue. It's a "people" issue. It boils down to a human being saying or thinking "The rewards of sending spam outweigh its risks", making a choice, and pushing a button that makes it happen. To convince the spammer otherwise will require a different approach. What the ultimate solution is, I don't know, but (for most human beings) pain, and the fear of pain, is a very powerful motivator. Obviously, no "civilized" ruling entity would ever approve or condone such an approach. Well, except for the KGB, the Mossad, the Taliban, the 3rd Reich, various South American governments, some Islamic states, the Chinese, the French revolutionaries, and probably one or two branches of the US "intelligence community". Did I leave anybody out?
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
Yes, I know this prevents everybody from having his own pretty little smtp server. No, I'm perfectly well with that. Use a provider.
I switched ISPs specifically so I could run my own mailserver, as my previous provider's (Comcast) were down more often than they were up and they had no accountability.
My server is locked down tight, I ruthlessly comb the logs and maintain my blacklist fervently. I can also create throwaway accounts on a whim to keep spam out of my 'real' account. The best part is, if there's a problem with my server I can fix it quickly instead of having to rely on someone else.
Having to do my own maintenance for the pleasure of having nearly spam-free mail and a reliable server is worth it. I'll see you in hell before I give it up.
If you want to get fancy, you can also do a couple of hits on any URL mentioned in the email - you shouldn't robo-complain, because spammers often put real email addresses in the spam as well, but it gets a bit of bandwidth drain, exercises all the URLs that the spammer might be getting clickthrough from (which is likely to get the clickthrough vendor to stop paying the web site or spammer), and generally shakes things up a bit.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks