Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spamholes Fighting Spammers

Posted by CmdrTaco on from the simple-and-clever dept.

mike9010 writes "A person named I)ruid has come up with an ingenious way to combat those spammers. His program, spamhole, creates a false 'open relay' that the spammer thinks he/she can send messages through. The messages then get sent nowhere, and the spammer has no idea. "spamhole is an open project. Hopefully, through user's and developer's contributions, we will amass a collection of spamhole implementations spanning all commonly used platforms, programming languages, etc. Ease of configuration and use are the primary objectives, for the easier to use by the non-techical layperson the implementations are, the more widely adopted and used spamhole will become.""

11 of 396 comments (clear)

  1. How can this work? by corebreech · · Score: 4, Insightful

    Spammer will just send email to himself to make sure relay works. The author claims that the defense against this is to allow the spammer limited access in the beginning, but there's no way to uniquely identify the spammer, and in any case, the spammer can just continue to include himself in the mailings, so he'll know when the relay has been configured to deny him access.

    This system will only increase the number of open relays out there.

    The story of the hare and the briar patch comes to mind. Is this the idea of a spammer who is pleading with us to please not create all these open rel..., er, um, spamholes?

    --
    Is this truly the only Earth I can live on?
    1. Re:How can this work? by kinnell · · Score: 4, Insightful
      but acts as a real one until the spam starts being sent

      Yes, but if the spammer sends test emails alongside the spam, they won't get through, and he will know it's a spamhole. This system will likely work well until the spammers realise that it is being used, after which it will be easy for them to hack their way around it.

      --
      If I seem short sighted, it is because I stand on the shoulders of midgets
    2. Re:How can this work? by Marcus+Brody · · Score: 5, Insightful

      This is a total Arms Race.

      The initial test email would highlight the spammers test email address. All email to this address would then be allowed through the spamhole, giving the impression to the spammer that everything is hunky dory.

      However, the spammer may use multiple test addresses, and the spamhole would not then be aware of these.

      Therefore the spamhole could check for any addresses that were used frequently/periodically, and mark these as test addresses.

      But the spammer could use a more complex set of test addresses.

      The spamhole could use a combination of Bayesian filtering with Hidden Markov Models to renumerate potential test addresses with exponentially decreasing returns, such that the k-tuple value Z1 was never equal or above the Nth degree of reductionist SPAM (SPre). This would thus allow network strategist to implement a theory-based approach to network spam usage, thus continuing ad-infintum the ARMS RACE.

      The result of this is that both spammers and anti-spammers remain in bussiness, spending exponentially increasing efforts attempting to thwart the efforts of the oposition.

      Definition of a game: "A constructed conflict with quantifiable outcomes"

      Ever get the feeling that the anti-spammers enjoy this whole malarky just as much as the spammers?

      Maybe the answer to spam is this:

      STOP wasting money and resources on using incresingly sophisticated anti-spam techniques. Re-direct this money into basic education for users, including short courses on:

      1. How to identify a spam (People are proven to be far better at pattern recognition than Bayesian models).

      2. How not to click on a spam.

      3. How to delete a spam.

      If AOL, MSN, and all other involved parties put a concerted effort towards this, then spam would soon get diminishing returns, and hence become increasingly unprofitable.

    3. Re:How can this work? by FiloEleven · · Score: 5, Insightful

      How about redirecting money into the hiring of Hit Men to get at the root of the problem? After two or three spam queens get knocked off, I think it may dawn upon the rest that spamming isn't such a good idea anymore...

      --
      Your brain is not a computer.
  2. Spamming method by rf0 · · Score: 5, Insightful

    This is not a bad idea though it could be abused. However what the author doesn't seem to realise that open relays may only account for 25% of spam. The rest comes via open proxys which mask the connection and mean that the mail server is receiving an SMTP session from a valid IP address. It might help a bit but at the end of the day the only good solution to fix spammers is hit them where it hurts in the pockets.

    Of course that is easier said than done

    Rus

    --
    Cheap UK and US VPS
  3. It's not going to work... by SuperDuck · · Score: 5, Insightful

    Just watch the RBL's and ISP's shut down your IP block for having an open relay...

    How are they supposed to know the difference between a spamhole and a real open relay?

    --

    "Kinky sex involves the use of duck feathers. Perverted sex involves the whole duck." - Lewis Grizzard
  4. will my head sysadmin allow it? by dummkopf · · Score: 5, Insightful

    i think it will not work for two reasons:

    a) as mentioned before, it is easy to probe the hole to make sure it really works.

    b) i seriuosly doubt that the security team of any university and / or company would enable such a hole because then they might get blacklisted and no more email for them...

  5. Maybe this is just me being cynical... by CaptainTux · · Score: 5, Insightful

    I can see this being a great "live" email harvesting tool for some spammers. Setup a spamhole and just sit back and collect the addresses that other spammers try to send to. A good majority of the addresses will be good and you don't even have to waste time harvesting. This could be a windfall for technically savvy spammers with a little time to waste. Good God. Here we go again...

    --
    Anthony Papillion
    Advanced Data Concepts, Inc.
    "Quality Custom Software and IT Services"
  6. Re:I don't think this will work.. by cgranade · · Score: 5, Insightful

    Stopping spam is never the point of any prudent anti-spam action. Instead, anti-spam actions work by reducing the value of spam to spammers. This can be done by reducing click-through, reducing traffic and filtering that traffic which is out there. Always, spam will get through. The only way to combat spam is to reduce the profit margin and increase the time expense so much that it is worthless, and simply bad business to spam.

    --

    #define DRM chmod 000

  7. two potential problems by tacocat · · Score: 4, Insightful

    I see two potential problems with this approach, one more insipid than the other.

    1. Albeit minor, I've now lost my IP port 25 mail server. This is a big problem if I only have one IP address. I would still like to have a mail server, thank you.
    2. Spamhole only works as long as it's population is much less than the population of potential open relays. Spam hole will send ~2 emails free to allow some meathead spammer to verify the relay works. After two, or when rate exceeds some value, you /dev/null the traffic. Now you have a really popular tricksy and you have 50,000 spamholes on the internet. This will delivery 50,000 X 2 free test emails. Why not just use that free 100,000 emails to deliver spam instead.

    Haven't you only succeeded in sponsoring a low volume spam relay that not only delivers spam, but at such a low per-boxen rate that no one will ever be the wiser for it.

    I see that even on your homepage you mention that a few spam emails might get delivered, but you are acting as a relay for a few spam emails times 50,000. You will eventually get blacklisted via OpenRelay RBL's.

    I think if you sit down for a day and just watch your email logs, you will find that a lot of spammers don't bother to test a connection for open relay status. They just test by pushing as much email through it that they can as quickly as possible. Daily I have hundreds of attempting mail relay deliveries.

  8. Re:Nahh, spamd. by arkanes · · Score: 4, Insightful

    I have to say, if I were a professional spammer I'd be using custom SMTP clients that didn't bother with stuff like "standards" and waiting on long timeouts and resending after a 450. All that matters is getting as much mail out as fast as possible, so just skipping hosts that aren't keeping up at a reasonable level would probably be the best option.