What You Get When You Buy a Spam CD
defender writes "Recently over here in The Netherlands, the spam versus anti-spam 'war' has hardened. More professional spamming coming from a handful of hard-core spammers utilizing bulletproof hosting in India, chained open proxies, more and more false whois information, etc. One of the more known anti-spam people has been sent one of the subjects of those spams: a CD with millions of e-mail addresses of 'individuals' and hundreds of thousands of 'businesses'... Rejo Zenger has done an analysis of such a CD, which is fuelling new debate as to why the recent EU anti-spam directive was weakened because of businesses complaining or indicating that spam wasn't a big issue for them."
Actually, you're completely wrong. SpamCop only lists individual IPs that have been reported as sources of spam, and they remove them quickly once the reports of spamming stop coming in. They do not block subnets or any addresses which aren't actually sending spam.
Don't blame me; I'm never given mod points.
Well, I heard only a week or so ago that the European Union was going to make sending spam illegal in the near future, or has already done so.
Unfortunately, as this article on the Register points out, most spam comes from outside of the EU, or turns out to be untraceable anyway... so the question is if this new legislature would have any noticeable effect.
A quote: Anti-spam software outfit, Brightmail, says the legislation only affects European registered companies and they're unlikely to flout the legislation. However, it claims nine out of ten spam emails are either untraceable or come from operations outside the European Union. Either way, professional spammers - whether inside or outside the EU - are unlikely to heed the new legislation. So in effect, this new law will make bugger all difference to the amount of spam we get in Europe.
IMHO this new law certainly is a step in the right direction, since the ISPs would be legally obliged to take action against spammers on their network. Now if only the rest of the world would go in the same direction...
He refers to addresses ending with a dot as "unregular syntax", then later as "no TLD". However, the address with a trailing dot is the canonical form of a domain name - the final dot refers to the "root" domain, the one that Verisign gets to play with.
I can't say that I don't give a fuck. I've just run out of fuck to give.
Of course it is. Haven't you ever taken an intro biology course? In a population, there are thousands of different mutations, etc in the DNA, and the most successful variations are passed down because they survive longer and mate.
Over here, the rule is opt-in. The recipient of the spam has to have consented to it beforehand. (for the Norwegians here - markedsforingsloven 2 b).
I used to have a job where I had to deal with different kinds of questions from the public that dealt with, among other things, spam. After contacting various Norwegian spammers to lay down the law, I found that a lot of them bought CDs or whatever with e-mail addresses. They seemed to (usually arrogantly) think that because they bought these lists, they were fully legal to use. This is not the case.
I don't know if these CDs were sold with the implication that their use was legal. Hindsight is 20-20 and I realize now I should have told these spammers to demand their money back from the people who sold them the CDs.
People say I'm crazy, I got diamonds on the soles of my shoes...
It's called SPF, Sender Permitted From.
A more creative way is "[my-email-username-is-one-word-and-it-is-the-color-of-grass]@happypuppy.com"
Having run an opt in mailing list for a previous employer I can tell you that some people sign up then go complain to spamcop when they actually get the email.
I don't run a mailing list, but some of our customers do - and you're correct, this part does happen.
then the mail server gets an Instant blacklist thanks to the automated system
Never seen this happen. In every spamcop case, we were always given the chance to respond - we've never been blacklisted. (A simple response showing the opt-in confirmation clears things up.)
The problem gets worse when they black out the email addresses so it becomes impossible to tell who actually wanted off.
Blacking out the email address doesn't make it impossible to check the recipient - unless you have the (bad) habit of deleting your mail logs too soon (IMHO a month is pretty much a minimum to keep logs - which shouldn't be a problem, as spamcop rejects submissions that are over 3 days old.)
You'll have the destination server and the SMTP ID - both of which are in your logs. (If you don't have access to the logs, your ISP should be more than willing to provide them - especially if your claims about being blacklisted are true.)
All in all, spamcop does a pretty good job.
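The log lookup described in the comment above, as an added example that is not part of the original thread: it matches a report whose recipient address has been blacked out against the sending server's delivery log, using only the destination server and the SMTP ID. The Postfix-style log format, the sample lines, and the assumption that the SMTP ID is the queue ID the destination server returned on acceptance are all constructed for illustration.

```python
import re

# Constructed sample of Postfix-style delivery log lines from the sending server.
SAMPLE_LOG = """\
Jan 12 10:15:01 out1 postfix/smtp[2211]: 4F2A91C0D3: to=<alice@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9B7C2E1A44)
Jan 12 10:15:02 out1 postfix/smtp[2212]: 4F2A91C0D3: to=<bob@example.org>, relay=mail.example.org[198.51.100.7]:25, delay=1.9, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 77D0A3F210)
Jan 12 10:15:04 out1 postfix/smtp[2213]: 4F2A91C0D3: to=<carol@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=2.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9B7C2E1A51)
Jan 12 10:15:09 out1 postfix/smtp[2214]: 4F2A91C0D3: to=<dave@example.com>, relay=mx.example.com[203.0.113.5]:25, delay=6.0, dsn=4.4.1, status=deferred (connect timed out)
"""

# One successful delivery: recipient, destination host, and the remote server's reply.
DELIVERY = re.compile(
    r"to=<(?P<rcpt>[^>]+)>, relay=(?P<relay>[^\[,]+)\[(?P<ip>[^\]]+)\]:\d+,"
    r".*status=sent \((?P<reply>.*)\)$"
)


def find_recipient(log_text, dest_server, smtp_id):
    """Return recipients delivered to dest_server whose acceptance reply
    from that server contains smtp_id as a whole token."""
    dest = dest_server.rstrip(".").lower()
    # Match the ID only as a complete token, so a truncated ID cannot match.
    id_token = re.compile(
        r"(?<![0-9A-Za-z])" + re.escape(smtp_id) + r"(?![0-9A-Za-z])"
    )
    hits = []
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if not m:
            continue  # deferred, bounced, or unrelated log line
        if m["relay"].lower() != dest:
            continue  # delivered to a different destination server
        if id_token.search(m["reply"]):
            hits.append(m["rcpt"])
    return hits


if __name__ == "__main__":
    print(find_recipient(SAMPLE_LOG, "mx.example.net", "9B7C2E1A44"))
```
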
Your post reminded me of an article I read a few weeks ago (probably posted on /.), where a distributed spamming technique was exposed. The method was exploiting a php weakness (register_globals), to upload and run a script that installs a binary file in /tmp, its purpose being to send spam from several (hard to evaluate how many servers could be infected by that kind of weakness) web servers.
This very interesting article can be found here : http://www.securityfocus.com/guest/24043
____
nico
Nico-Live
Just because you have an "unsubscribe" address doesn't mean you're not a spammer - not by a long shot. If your "list" doesn't 1) only send to people who sign up and 2) send out a confirm email and wait for their reply before sending anything else, then it's fair game to be blacklisted as spam.
And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.
Actually ISPs, at least the one I work for, are trying to do something about the number of zombied boxes on our networks. I know this because I work in the abuse department. When we get a complaint about anything that looks like it was from a compromised system we run Nessus on the computer in question and suspend their account. When they call in asking why their service isn't working we explain what happened and what Nessus found. The issue seems to be that most people complaining to us have no idea what data we need or even how to get it. Spam mails are sent to us sans-header, we get email saying "one of your customers is h@x0ring me!" and they provide no documentation. The signal to noise ratio is abysmal.
"Who's going to believe a talking head?" - Herbert West
The Email "From" address would have to originate from an Email server that matched its DNS entry. You could still fake the IP address or the DNS Service, but this is not as trivial as faking the "from" address.
Spammers will probably circumvent SPF by registering many disposable domain names, and configuring the DNS for those names to return SPF-style authorization for the IP numbers of whatever proxies or compromised machines they are currently using to transmit messages.
So SPF will put an end to spammers faking "yahoo.com" or any other domain with valid SPF records (and when the recipient checks them).... but it won't end spam.
To combat spammers simply registering their own domains, real-time blocklists and whitelists of known-spam domain names and known-legitimate domain names will be needed.
SPF is a great idea (aside from the problems for all the people who currently transmit legitimate email with forged from headers).... but it definitely won't stop spammers. It's just another step in the arms race.
PJRC: Electronic Projects, 8051 Microcontroller Tools
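The receiving-side check discussed in the comment above, as an added example that is not part of the original thread: an SPF result alone rejects a forged sender domain but passes a domain the sender controls, so the verdict also consults domain block and allow lists. The DNS table, domain names, addresses and list contents are constructed, and only the `ip4`, `ip6` and `all` mechanisms of SPF are evaluated.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups; all names and addresses are examples.
TXT = {
    "bigmail.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "throwaway-4711.example": "v=spf1 ip4:203.0.113.66 -all",
    "newsletter.example": "v=spf1 ip4:198.51.100.0/28 ip4:198.51.100.200 ~all",
}
DOMAIN_BLOCKLIST = {"throwaway-4711.example"}  # known-spam domains (constructed)
DOMAIN_WHITELIST = {"bigmail.example"}         # known-legitimate domains (constructed)

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, client_ip):
    """Evaluate the ip4/ip6/all subset of SPF for the sender's domain."""
    record = TXT.get(domain.rstrip(".").lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # simplification: term not supported by this subset
    return "neutral"


def verdict(domain, client_ip):
    """Combine SPF with domain reputation, as the comment proposes."""
    spf = spf_result(domain, client_ip)
    name = domain.rstrip(".").lower()
    if spf == "fail":
        return "reject: forged sender"
    if name in DOMAIN_BLOCKLIST:
        return "reject: listed domain"  # SPF passed, but the domain is known spam
    if spf == "pass" and name in DOMAIN_WHITELIST:
        return "accept"
    return "score: unknown domain"  # hand over to content filtering
```
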