Spamholes Fighting Spammers

mike9010 writes "A person named I)ruid has come up with an ingenious way to combat those spammers. His program, spamhole, creates a false 'open relay' that the spammer thinks he/she can send messages through. The messages then get sent nowhere, and the spammer has no idea. "spamhole is an open project. Hopefully, through user's and developer's contributions, we will amass a collection of spamhole implementations spanning all commonly used platforms, programming languages, etc. Ease of configuration and use are the primary objectives, for the easier to use by the non-techical layperson the implementations are, the more widely adopted and used spamhole will become.""

Watch out for your ISP

I ran a very similar program to see what I would catch.. I caught my ISP, or rather they caught me - they thought I was running a deliberate open relay and sent an email warning me to shut it down. I was pretty surprised they were on to it so quickly (less than 24 hours).

Not going to work

[heironymouscoward]

Spam is moving off open relays and onto pirated home computers. Spammers and virus writers together have already designed a distributed architecture in which they can send emails from hundreds of thousands, possibly millions of 'owned' personal computers.

The solution is to accept that email will become 99.9(n) junk, and that the challenge then becomes to extract the signal, not filter the noise.

One solution I foresee is "data clearing houses" which store-and-forward email, using a reputation management system to rank and score email (and other data, for the problem is general).

Re:How can this work?

[B1ackDragon]

They're been relying more and more on trojan'd XP machines as well, they'll probably just stick to this method because they can have more machines than they ever wanted, and they can be sure it works (for some time at least.)

It makes me sort of sad. I'm in a unix sysadmin class, and we had a guest speaker in from a major ISP the other day, and to quote him "we've seen our email traffic quadruple over the last year, all spam" "spam is killing the internet."

Doubt if its as bad as all that, but again, the internet would be a heck of a lot better without it.

Been there done that...

[SlightOverdose]

We had a spammer exploiting an incorrectly configured formmail.pl on one of our servers. We didnt actually use it, so I replaced it with a fake version that accepted pretended to accept the mail and return 100mb of data as a reply.

Our provider gives us unlimited upstream bandwidth, so it had no real effect on us- however here would have been at least 50gb worth of data used by the time the spammer caught on, so hopefully that cost them some cash. (Although in all likelyhood it was only a minor inconvenience).

Proxy Honeypots been doing this for ages

[gorbachev]

monkeys.com used to have one, until the spammers DDOSed him.

Several other people are still running proxy honeypots with great success. They are a great resource for finding out which ISPs harbor proxy hijacking criminals.

For all of you, who think spammers will check whether the proxy works first, spammers do no such thing. They actively scan for open proxies and immediately start blasting away. That's just like with spamming. You really think spammers check every Email address on their lists is real?

Proletariat of the world, unite to kill spammers. The more painful and slower, the better.

Re:How can this work?

Sophisticated spamware sends periodically control messages to a dropbox in hotmail/yahoo/whatever and alerts user if the open proxy appears not really working.

Open relay isn't the problem of net anymore, sophisticated spamware uses open proxies.

Open relays are these days hard to find as most smpt software ave sane defaults these days. OTOH With idiots like analogX proxy authors creating proxies with "default open world wide, not even dangerous ports closed" configuration, there is no sortage of open proxies.

If you really want to blackhole/track open proxy/relay abusers, look at BuggleGum proxypot instead. And prepare to hack it as as spamware tries to adapt the traps setup by people.

Re:How can this work?

[the_mad_poster]

Doubt if its as bad as all that...

I don't. Spam eats up bandwidth just being delivered, even if it gets filtered at the end anyway. Then, you have the idiots that sit and open it and wait for images to load in their HTML-enabled mail clients. Despite this, from a technological standpoint, although it chews up and wastes valuable resources, it won't bring the Internet to a complete screeching halt.

However, look at all the time and money AOL puts out trying to block incoming spam. People always talk about making spam unprofitable for the spammers and someone invariably bitches about the ideas put forth, but how long will it be until there's so much and so varied spam that it's unprofitable to allow users to use e-mail? Eventually, we may well need so many people and tools that it will chew away profits just fighting spam.

That's why I think spammers need to be treated exactly for what they are - a parasitic infection. They just chew up resources but provide nothing in return. They must be inoculated. Make sending unsolicited e-mail a crime (our illustrous guvmint morons took a step in the totally OPPOSITE direction with their "yea, let's legitamize spamming" bill yesterday). If you're convicted of sending mass, unsolicited messages (that is, you can't prove that you were given EXPLICIT permission to send them), make it a felony and make one of the required sentences that you're not allowed to ever tough a computer again. The trick after that, of course, is to get all the spammy Asian and S. American countries to go along and punish spammers as well.

Re:I don't think this will work..

[RobertB-DC]

reducing the value of spam to spammers. This can be done by reducing click-through, reducing traffic and filtering that traffic which is out there.

That points to an interesting idea. What if you left your relay open, but modified the messages slightly? Munge the URLs, kill the scripts and web-bug images, change all the phone numbers to 800-876-7060. You could even try to de-l33t the subject lines (turn V*1*A*3*R*A back into "viagra"), if possible.

Of course, you'd be violating any number of standards, plus you'd still get blackholed. So take it a step further... create a trojan that looks for open relays and turns them into spam-breaking open relays. Maybe you could then get someone to turn you in to Microsoft and split the reward.