Spammers Not Complying With CAN-SPAM
Zelphyr writes "The Register is reporting on a study done by MX Logic, which found that of 1000 messages tested, only three complied with the recently enacted CAN-SPAM act. Little wonder why the spammers weren't shaking in their boots when this spam friendly anti-spam bill was passed."
There is evidence to the contrary.
No, most spammers operate from the US.
1) USA-based spammers don't give a shit about the new law
2) Overseas-based spammers have increased exponentially
3) USA-based spammers are offshoring just like every other IT industry
Will we soon be inundated with reports of Bangalore being the spam capital of the world? After all, they aren't subject to the jurisdiction of USA-based spam laws. Forget offshoring your tech support, now you can offshore your spamming operations and be in total compliance with the law...
Spamassassin
SpamAssassin(tm) is a mail filter to identify spam.
Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email.
and Razor
What is Vipul's Razor?
Vipul's Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.
Over the last three weeks my mail gateway has caught 65400 pieces of spam, 186 claim to be can-spam compliant... Go go CAN-SPAM...
PS Thank you SpamAssassin team!
SPF records CAN work - consider if the majority of ISPs in your own country start using them. 99% of your email comes from your own friends and family within the country, and would be catered for. The rogue ISPs that DON'T publish the records can all go to hell as long as my friends can contact me.
I realise that for certain public addresses SPF won't work, since the idea is to hear from unknown customers no matter where they are, but for the normal user it should cut down on a greater majority of it.
liqbase
Yo, I was involved in the alpha testing of shadango awhile ago. When I signed up I used the word "alpha10" in the promotional code box. It got me a paid tester account... I think it might still work. Plus, they recently started filtering POP accounts so now the amt of spam I get on my hotmail has dropped considerably. From my experience Shadango is definitely worth the try. Ian Welsh
Somebody please mod the parent up! The whole slashdot crowd can hear this message once and for all -- most spam does not come from the US!! Seriously. And the rest of the world can give a sh*t about the laws we pass.
As an example, here's a summary from the crap I submitted to spamcop this morning.. ".il, .it, .fr, .pi". Hmmmm... I don't even know what backwards country those tlds are from, but I do notice a pattern. No .com
Our laws will have no effect on the big fish.. maybe there will be a few highly publicized cases of some newbie, stupid spammers being prosecuted under this law, but believe me: you can expect to find your Inbox fuller than ever this coming year.
I keep seeing tunnels at the end of all these lights,
Ben
You wrote:
> Finally, I agree that it's best to have concrete tests, and as such making it illegal to forge identifying information in an e-mail could be useful. OTOH, a law that says, "You must include a valid, working unsubscribe address" doesn't really help much, does it? Surely anyone who's ever administered an e-mail system would advise against ever replying to any spam mail, so the law has just "legitimised" one of the spammers' favourite tactics for no benefit at all.
Not forging false email addresses is trivial. They're called "drop boxes", and their only reason for existence is for the spammers to ignore or to gather legitimate email addresses for their next spam. Really. Opt-out just doesn't work.
This [I]CAN-SPAM law is also going to face very, very big challenges on free speech grounds due to its content filtering.
Now, there's a compelling legal history for requiring opt-in called the junk fax law. It's USCC 18, paragraph 2701, and does not get into deciding the content of an illegitimate message. Add maybe 10 words to that law to include email as well as faxes, and we'd be set.
most spammers are USA or Canadian based
http://www.spamhaus.org/rokso/index.lasso
ain't truth a bitch
So why should they bust them for violating the spam law? The government has totally ignored the absolutely fraudulent nature of spamvertised products, despite the fact that the money trail is easier to follow than the email trail.
I suspect there will be political pressure to "bust" a couple of spammers, and they probably will nail a couple of small-timers and will trumpet it as a success, saying something like "Mr. Spam King sent over one million spam messages" -- the same bogus logic used in drug busts, when they value the drugs based on their smallest-possible-street-transaction value instead of the likely wholesale value.
Part of the reason I think there will be little enforcement, at least from the Bush administration, is that I've read that mainstream businesses are actually profiting from spam indirectly by selling customer lists that include email addresses. They don't sell directly to spammers, but they filter through direct marketers who ultimately DO sell to spammers.
Recently, spammers have been trying to train spam traps with random words. It's almost like seeing the words put into a mad libs exercise.
Will this confuse filters like spamassassin?
P.S. One of the more interesting ones I got follows. What is an appellant hazelnut? And can diseases be exorcised?
insinuate guilty overture aegean mcelroy
emery niggardly bobbin briggs pushout creed quizzes return accomplish
explanatory cofactor frances melissa
biharmonic his milieu alphabet groom septate appellant hazelnut diphtheria exorcise
Irene KHAAAAAAN!
It's still beta, but I'm unaware of any other tools that allow you to strike back at a spammer. With it you can crapflood a spammer's database, and possibly render it economically useless. So if you're pissed at the hundredth mortgage quote solicitation, fire it up and get just a little bit of revenge.
The mail servers I run for my employer reject 400 spams every minute. Those are the ones with SpamAssassin scores greater than 10. 1000 spams in a week is a very small amount. They should be grateful. ;)
Edith Keeler Must Die
Donate free food here
I don't believe the entire South American continent shares a single IP range containing only 254 useable addresses.
What you describe here, 200.x.x.x, is a /8, not a /24. A /24 might be something like 200.47.218.x
Back in the day, when Outlook was growing in popularity, Microsoft made a decision which has forever tarnished e-mail - making HTML e-mails the default.
What they *could* have done, which would have benefited everyone, would be incorporating encryption/signing in their e-mail product. Then everyone would be using it by now, instead of HTML crap.
Oh well.