Slashdot Mirror
A Day In The Life Of A Spammer
kaip writes "Internetnews.com has a story of a spammer. The individual sends 60 million spam emails for four days worth of work and claims that one in 19 of AOL users clicks the links in his mortgage spam (this number should however be taken with a grain of salt, see rules 1 and 2). Maybe not
everybody has heard of the Boulder
Pledge... The article also tells how the CAN-SPAM Act,
which legalises spamming, is turning the US into the spam haven of the world. Currently, 86 percent of the total spam volume is coming from the States."
- reject_unknown_client is on. This means
that a connecting client MUST have a reverse-dns
lookup for its IP, and the resulting name
MUST resolve back into that IP. This alone
blocks most spammers before their client
can even begin to send a message.
- I use xbl.spamhaus.org. This is a wonderful
thing. This blocks not only any box known
to spam, but also any box found to be
infested by some virus, ie zombies.
Once again, this stops them dead before
the message even starts.
- In the unlikely event that they get past
those hurdles, I have a homebrewed filter
that watches for bogus HTML tags, since
they like to intersperse bogus empty
tags in the middle of words in order to
foil content-based filters. This simple
filter actually blocks 90% of anything
that made it that far.
- Spamassassin. The few brave soldiers of
spam that got this far rarely pass this.
I leave this filter near the end because
it's rather CPU intensive...
-
Finally, a simple procmail rule: If my name
isn't in the "To:" or "Cc:" line, file it
as spam.
I haven't seen a spam message in, uh, maybe a year or two?"the simple situation is that I don't need _any_ advertising through email"
That's a bit draconian. I would like to be notified when Blizzard is releasing a new game or the new Glen Cook book is being released. To get this info from the web sites, I would have to poll (check regularly) the web sites. I would rather receive a notification.
The key to this is opt in only lists. One way to do this is to make a server with your email provider that allows you to register an email as requested (bulk mail whitelist). Those can go through. Other bulk mail is prevented. There are other methods as well; that is just one example to handle both.
The real key is no *unsolicited* email advertising. If I request it, I want to be able to see it. Frankly, if a newspaper (to get back to that example) drops off their product unrequested, I would like to be able to prosecute them for littering. Further, a newspaper includes other things besides advertising. Spam does not.
And they're sponsored by our old friends, The Bulk Club. Can't we spread a rumour that Osama is actively funding spammers or something?
Carousel is a lie!
6 months!!! If I had to train a filter for 6 months before it becase effective I would go insane.
You need K9.
http://keir.net/k9.html
RM
I have no sig yet I must scream.
This is yet another content filter. The real solution to spam will prevent my servers and bandwidth from being overloaded by spam, rather than use even more of it to to accomplish keeping it out of my mailbox. The ultimate solution is to have spammers disconnected from the internet by their ISPs, or disconnect their ISPs if the ISP continue to help spammers steal and waste the resources I pay for. You say you don't have a mail server and don't need to be worried? How much is your ISP charging you? How much is your ISP taking out their own profits to cover the costs of spam you just end up deleting?
now we need to go OSS in diesel cars