Spam Doubles, Finding New Ways to Deliver Itself
An anonymous reader noted that the Times is running a piece on the rise in spam that you might have noticed in your inbox over the last 6 months. Gates promised the end of spam by 2006, but they figure it's doubled in the last few months. And best of all, a huge percentage of spam is now images that circumvent traditional text analysis.
I don't know why they don't just ban emails with stupid images anyways, or best yet just strip them out of the attachments. If I really want to share pictures I'll put them on a website or Flickr or something.
If Spammers knew that all of their lovely penny stock .gif puzzle emails were getting stripped of the .gif files, they'd stop sending them.
Tom
Someday, I'll have a real sig.
Gates promised the end of spam by 2006. He still has one month to succeed. It is still possible. I'm waiting. I really want to see that. Thanks, Bill.
-- Rastignac was here.
The picture spam not caught by the gmail spam filters that I receive all look very very similar. Randomly generated sentences with buzz words and a "picture text" haussing a certain stock.
I'm very surprised these all come through the gmail spam filter. By now it should be easy to identify them.
Competent sysadmins are expensive, and the idea of, say, blocking outbound port 25 would never occur to them, or is brushed off for stupid reasons.
The only way out is to exert pressure on those network owners, and the best way to do so is by simply blocking them left and right until they are left with nothing but their huge intranets.
Interesting how things come to pass. Websites like this one and many others have used text-in-image captchas for a couple of years to avoid spam bots. Now, spam bots are using text in images to avoid filters. The spammers have caught up for now, but just wait another couple months/year and anti-spam technology will catch up.
I gauge my spam intake by looking at my 'held mail' folder at spamcop. At one point a couple of weeks and a few days ago, it was up to over 220 per day (earlier in the year it was about 20 spams a day). For the past week or so, it's been at less than fifty per day (today so far it's at 30. Normally by this time it was about 150). Something has changed, although my measure may not indicate that spam volume in general has dropped. That's actually interesting to me, because spamcop just catches them and lets me do with them as I wish (I report them).
"We are all geniuses when we dream"
- E.M. Cioran
I get maybe 2-4 unsolicited spam emails a day. I get another 10-20 spams a day from groups that I have an affiliation with.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Yep, I've seen plenty of that.
I can't help feeling that this is mostly a solved problem, though. OCR is pretty good these days, and the bad guys have been using text-recognition techniques to foil the more cleverly disguised text in captchas on web sites for a while now. The text in these e-mail images should be relatively easy (algorithmically speaking) to identify.
Of course, given the volume of spam and the processing time required to scan such images, this isn't a completely done deal. But just as things like SpamAssassin rules get updated fairly often to deal with changing trends, I can't help thinking there's a solution pretty close here with a realistic level of resources required.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Spam is really a non-issue for most end users. Even just using Bayesian spam filter software will eliminate the vast majority of spam. Using three or four such filter systems chained together virtually guarantees that no unsolicited commercial email will get through.
Of course, having separate public and limited-distribution email addresses helps, too. Not getting your address in the hands of spammers is obviously a good first step.
That's not to say spam isn't a problem for server and network administrators, who have to deal with higher server loads and wasted bandwidth. But for your average user, it's rather easy these days to avoid spam. With some common sense and the use of modern filtering technology, spam becomes virtually a non-issue.
Why even bother delivering the junk text?
If the message comes from a home ISP block, but not from that ISP's mail server(s), and contains a *.gif, then drop it.
The real home users will be using the ISP's server to send their email. There may be some exceptions to this, but it shouldn't be too difficult to deal with those on a case by case basis.
Of course, this is from a business perspective. We don't seem to receive a lot of legitimate business email *.gif's from home ISP blocks.
Not sure if anyone else has seen these, but I wish all spam filters would simply delete any mail that contains 2 or more gif files. Gmail does a decent job of removing them, but that's the only one that I have found.
"The new breed of spam -- call it Spam 2.0"
No, no, no... please, please don't!
"And best of all, a huge percentage of spam is now images that circumvent traditional text analysis."
Yet another reason I love Thunderbird - if the Bayesian spam filter misses it, I still don't see the ad.
I do still have to waste .25 seconds hitting "Delete" though...
#DeleteChrome
Bill Gates was never good at guessing what the future would be. Who would need more than 640K of RAM? Vista would not even run with good performance and all the bells and whistles with one thousand more RAM than that . . .
Good to see them documenting the rise of email spamming, but I'm surprised the article doesn't talk more about the spammers who are running amok across websites rather than people's inboxes nowadays. While the problem of email spam is still growing, it has pretty much always been there and the public are fully aware of it (with mainstream services such as Gmail offering spam protection, etc), the huge rise at the moment is the amount of web applications and sites that are being exploited. Take for instance Youtube (with many of the most popular videos having their comment threads spammed hard), or any mainstream forum software (most commonly phpBB), where spam bots are continually developed to get around registration methods (including OCR) and then spam the forum with either their profiles or posts. Not forgetting the guestbook spamming which many of the people behind these use for SEO purposes, so they can get phishing or product selling pages to the top of search engines (even if it is for a day or so before they are penalised/blacklisted).
While email spamming is still the main problem, it would be nice to see the mainstream media realise that there is a growing danger in people exploiting community websites nowadays, because all it takes is for one of these operations to install enough spyware/get traffic from sites/top search engines for banking/insurance etc websites, then they will start taking consumers' data faster than spam would - all without the majority of customers realising, because they think the main threat is in their inbox.
Business Voyeur
I thought this was going to be about that Flying Circus skit with vikings. Spam spam spam bacon eggs spam.
main(0)
We need to fix this with solid non-repudiation at the hardware and protocol levels. Anything else is bullshit.
Spammers have effectively foiled the first strategy -- analyzing the reputation of the sender -- by conscripting vast networks of computers belonging to users who unknowingly downloaded viruses and other rogue programs. The infected computers begin sending out spam without the knowledge of their owners. Secure Computing, an antispam company in San Jose, Calif., reports that 250,000 new computers are captured and added to these spam "botnets" each day.
Remember, kids, it's not "infected computers," it's "infected Windows computers."
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
"640k spam emails ought to be enough for anyone..."
Support NYCountryLawyer RIAA vs People
C'mon, sending Images is essential.
I don't mind the stock spams so much. Every time I see one I just think of the morons who actually read spam losing their money - it brightens up my day!
No sig today...
Most effective solution for filtering would be hiring someone to check every mail manually. There are worse jobs than that. You'd have to sacrifice privacy, but it could be acceptable to most people.
Alas, I am in the opposite position. I organise the e-mail for a local non-profit, and recently introduced an automated spam filter on all our incoming addresses. A month ago we were trapping under 100 spams a day across those addresses. Now it's well over 200, and rising fast. :-(
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
POPFile used to be 98.7% accurate in classifying email. I'm lucky to get 67% these days, even with a simple binary filter (spam/notspam). What I'm going to need to do -- and do not relish -- is start looking at the ones making it through and manually updating the word lists to tag them properly.
Why don't I want to do this? Because I remember the Bad Old Days of Spam, when I was forced to create Byzantine layers of regexp in Pegasus to snag all the bad people. Bayesian classifiers have been mitigated for now...
-BA
Do any large email services compare all email over the entire system to check for spam? If gmail receives 4,000,000 messages from the same IP in 5 minutes, each with the same image attached; you can be sure it's spam. That's still defeatable, though.
The only way I can think of to totally stop the problem is to make it unprofitable. Maybe Bill Gates could stop the problem by producing a high-profile ad campaign telling people to stop buying things from Spam.
Username taken, please choose another one.
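A sketch of the system-wide check asked about in the comment above, added here as an example and not any mail provider's actual method: it fingerprints image parts with SHA-256 and flags a source IP once the same image has gone to many distinct recipients inside a five-minute window. The class and function names, the threshold, and the sample messages are all constructed for illustration.

```python
import hashlib
from collections import defaultdict, deque
from email import message_from_bytes, policy
from email.message import EmailMessage

WINDOW = 300       # seconds: the "5 minutes" from the comment
THRESHOLD = 20     # assumed cut-off for this demo; a large service would tune it


def image_digests(raw):
    """Return SHA-256 digests of every image/* part (attached or inline)."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [hashlib.sha256(part.get_payload(decode=True)).hexdigest()
            for part in msg.walk()
            if part.get_content_maintype() == "image"]


class BulkImageDetector:
    """Counts distinct recipients per (source IP, image digest) in a sliding window."""

    def __init__(self, window=WINDOW, threshold=THRESHOLD):
        self.window, self.threshold = window, threshold
        self.seen = defaultdict(deque)   # (source_ip, digest) -> deque of (ts, rcpt)

    def observe(self, ts, source_ip, rcpt, raw):
        """Record one delivery; True if any image in it has crossed the threshold."""
        flagged = False
        for digest in set(image_digests(raw)):
            q = self.seen[(source_ip, digest)]
            q.append((ts, rcpt))
            while ts - q[0][0] > self.window:      # drop deliveries outside the window
                q.popleft()
            if len({r for _, r in q}) >= self.threshold:
                flagged = True
        return flagged


def build(sender, rcpt, image):
    """Construct a sample message with one GIF attachment (test data only)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, "constructed sample"
    m.set_content("see attached")
    m.add_attachment(image, maintype="image", subtype="gif", filename="a.gif")
    return m.as_bytes()


def demo():
    det = BulkImageDetector()
    stock_img = b"GIF89a" + b"\x00" * 64    # constructed bytes, not a real image
    photo_img = b"GIF89a" + b"\x01" * 64

    # One source sends the same image to 50 different recipients in under 2 minutes.
    first_flag = None
    for i in range(50):
        raw = build("tips@bulk.example", f"user{i}@example.net", stock_img)
        if det.observe(2 * i, "203.0.113.9", f"user{i}@example.net", raw) and first_flag is None:
            first_flag = i

    # Someone mails the same holiday photo to three relatives: stays under the threshold.
    family_flagged = any(
        det.observe(10 * i, "198.51.100.20", f"rel{i}@example.org",
                    build("me@example.org", f"rel{i}@example.org", photo_img))
        for i in range(3))
    return first_flag, family_flagged


if __name__ == "__main__":
    print(demo())
```

An exact digest only matches byte-identical images, which is the limit the comment itself acknowledges.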
But the rise of "the rise of spam" articles all over the web.
We seem to have at least a couple a week.
If this were really happening, what would you think?
Most of the spam I get probably comes from people harvesting the whois database since I never use the address elsewhere online. Nearly all the spam is automatically detected by Gmail and moved automatically to junk mail. If I bother to look at any of these messages they almost always fall into one of two categories:
1) The spelling and grammar are so poor that I would have to make an active effort to decipher what the spam says, assuming that the message makes any sense at all to begin with.
2) The message is encoded in little gif or jpg files which show up as thumbnails in Gmail that I would have to go through a bunch of trouble to download and re-arrange to make legible.
At this point it seems like sending spam is just a tremendous waste of time. It amazes me how much of it I get, but it no longer bothers me because it simply doesn't even get close enough to accomplish anything. That's not to say that I don't think spammers are a bunch of douchebags. If you're an e-mail admin, I feel your pain man. But spam is a non-issue for me as an end-user anymore.
We can hire the A-Team to come in and stop them.
I pity the fool who litters Mr T's inbox with ads for home equity loans.
Dedicated Cthulhu Cultist since 4523 BC.
I was just wondering what actually happens when you hit "report as spam" or its equivalent? As the addresses are random and the gif urls are geocities or whatever, does reporting actually achieve anything?
If you can read this, it's already too late.
FTA: ... and unsolicited junk mail now accounts for more than 9 of every 10 e-mail messages sent over the Internet
And I used to wonder why the younger folks like my brother were avoiding email and only using IM. 90% SPAM? This is just ridiculous. Yet for some reason, the industry seems to be focusing on trying to 'catch' the spam [and as a result, constantly playing catch-up], instead of working on a real solution, such as designing an email system that isn't vulnerable to spam. I'm sure this is partially because the anti-spam companies are making a fortune.
So far I've done ok, trying to stay ahead of the spammers. I recently implemented greylisting on my mail server, and the number of spams has dropped significantly. But I know that soon the spammers will figure out what we're doing, and my spam levels will again increase.
I can't say that I know what kind of solution would be successful, but I've seen very little indication that it's seriously being worked on.
Am I wrong? Are there any serious contenders for a new, secure, non-spammable store-and-forward messaging system being worked on?
Nothing to see here
For about two weeks I have been using the image-spam repositories of MSRBL, and of Sanesecurity. Using a cron script to fetch the data and keep ClamAV's database up-to-date works quite well!
Unless your ISP is blocking outgoing connections to port 25, sure you can. It's up to the recipient whether they want to accept that connection or not.
Again, that's a choice made by the recipient.
Again, that's a choice made by the recipient.
Huh?
None of the functionality is gone. It's, as always, up to the recipient to determine what characteristics s/he will reject on.
I see it differently. I see over a million spam zombies out there and a few people who don't understand the view from my position. From a business standpoint, the likelihood of someone that looks like 99.9% of the spam zombies out sending me something important is less than 0.01%.
And if it is important, that person will most likely call when his/her email is rejected.
So for the cost of one phone call, we avoid over 1,000 spam messages. The reality is far better. I reject hundreds of thousands of connections a month. Yet I average less than one real problem a month. (I'm not counting the people who simply cannot spell someone's name which accounts for about 90% of the "errors" I see.)
There is a plugin for SpamAssassin called Fuzzy OCR. Its false positive rate is pretty low and I haven't seen image spam for weeks.
http://fuzzyocr.own-hero.net/wiki/Downloads
> a huge percentage of spam is now images that circumvent traditional text analysis.
Why would an email client be configured to automatically display images? If you want html, put it on a web server and send people a link as plain text.
Greylisting. All MTAs should be RFC compliant, so this one hurts the broken MTAs only, but some find the delay this adds to the normal mailing process unworkable.
Fortunately you can whitelist known good servers and even use an AWL.
According to some university administrators I've talked to where it is deployed, 93.6% of all mail is blocked this way. The network is around 20k computers strong. No big mail losses reported.
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
In its normal "list" view, one of my mail systems displays a text-only preview of the first few lines, plus an icon to indicate any attachments. It's a hoot when the first few lines are html or javascript.
The sender + subject + those lines + the presence or absence of any attachments makes it very easy to identify spam that got through the filters, without actually seeing the advertisement.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I have had no problems at all using Outlook 2003 with Junk E-mail settings set to high. I have not seen 1 image-spam. However, when I fire up Thunderbird, the image-spam always shows up. I wonder what settings/algorithm MS is using because it works. My corporate E-mail server also blocks all spam. I have not received 1 spam of any type in my office E-mail account.
So is the problem really an increase in spam or incompetent admins who don't know how to set up their filters to block them? Yes, the size & volume of E-mails may have increased, but if you can filter them they will be deleted before they take up space.
We have people who work from home. But I've set them up with email authentication. They can send anything, from anywhere, to anyone, providing that they have signed on with their username and password.
You do it differently?
I know people like to rant about the "spam problem" a lot, but for all practical purposes, the problem has been largely solved for several years now.
If you run reasonable spam filters, including many open source ones, you will not end up with much spam in your inbox. Yeah, there will be lots of spam still being sent, but the real, significant, cost of spam is really mostly people's time, not machines. Any ISP, company or person who gets "too much spam" is simply being penny wise and pound foolish. The same goes for systems that get too many "false positives", that is, legitimate emails being rejected. Almost all of that is due to trying to run "cheap" spam filters, or buying snake-oil systems. Upgrade your mail servers or switch to someone who runs reasonable spam filters.
The "spam problem" of today is really the "you can't do anything about spam" problem. Too many people are convinced that you can't stop spam, so you shouldn't try harder. The problem is low expectations. The problem is people cutting corners.
For email senders having problems getting caught in spam filters, some of this is due to people running bogus spam filters and that is the receiver's problem more than yours. Most of the rest is due to either you not running a standard-compliant mail server on a static IP address that can have a reputation built up for you being a good server, or because you really do send out spam, either due to "bad" customers or backscatter (bogus bounces, challenge/response systems, autoresponders, etc.). Don't be cheap and think you can get away with not running spam filters on your outbound email and catching your "bad" customers. Don't be cheap and spew backscatter. Don't be cheap and say you can't afford to do port 25 blocking of dynamic IP addresses, or not allow customers to configure their reverse DNS.
The vast majority of knowledgeable people in the area of spam do not munge their email addresses. The vast majority do not suffer either lots of spam in their inbox nor lots of false positives.
SPF support for most open source mail servers can be found at libspf2.
I don't understand why this image spam is such a big problem. The random text _still_ doesn't look like legitimate text to my personal Bayesian filter, so 98%+ gets shuffled off without me ever seeing it. (Admittedly I had to lower the threshold from 0.9 to 0.85 to get there; before it was at about 95%, which was still decidedly annoying with 3 or 4 messages a day slipping through.) Now, of course institutionalized bayesian filtering won't work because the variety of legitimate mail will be too large over a large group of people, but regular spam filters can cull the majority on the server, and then personal bayesian filters can take care of the rest on the client.
What are you people doing that you still get spam?
I've had an email addy since 1983, well before spam (not to mention before DNS - this was a bang-style address at the time). Eventually spam started, and the addr I was using started getting spammed. Might have been sometime in the 90's I guess. I got quite mad, of course. Had to get rid of the address. But I learned from that, and now I've had the same address for ~7 years totally spam free. I haven't had a single spam in that entire time.
So I wonder why spam is still a factor for people. I know this sounds like a troll, but it isn't. It really isn't hard at all to be spam free, so why don't people do it? Anything with even a remote spam risk, I do with a temp dropbox which gets deleted later. My real addr, I'm careful with. That's all it has taken. I fully expect to never again get another spam.
One of the reasons that the pump and dump has become so popular for criminals is that the money trail has often gone cold by the time there is enough interest from law enforcement to chase the bad guys.
The SEC could mostly take pump and dump schemes for penny "pink sheet" stocks off the table by using rules to lengthen the settlement process for sales of those shares or to suspend entirely the trading of stocks in companies that are not fully reporting entities. With fully reporting companies that have legit transfer agents, it is a LOT easier for law enforcement to find out who these selling shareholders are in a timely manner.
Once these vermin begin to get caught, they'll move on to the next bit of low hanging fruit and the arms race will continue.
The ISP restricts the client system to 1 outgoing email per 'n' seconds except if they have applied for a business exception which of course costs more. And sends a monthly email sending report so that the client can see something may be wrong.
Undetectable Steganography? Yep, there's an app fo
I made a web site where you can vote for your favorite spam image in "am i hot or not" style ... http://www.winter2006.info/ ... the new winter collection arrived!
These spam waves are obviously not geared towards really changing something on the stock market. Who would follow tips in such trashy looking images? It looks already more like a sport or computer art. Maybe once the image generators running on botnets will generate really beautiful pictures.
Spammer joins mailing list or forum.
Spammer collects member email addresses.
Spammer sends UCE with From:admin@mailinglist.com or anounce@forum.com
Now I have to modify how my white list decides what to pass.
I tell you, one of these days, I'm gonna run into a spammer at a bar and shove a friggin beer bottle up his nose until it bangs against the back of his skull... maybe a plastic fork in the ear would be easier...
Okay, not too long ago, they were saying that spam accounts for HALF of all e-mail traffic.
According to the math, you're not saying it accounts for ALL mail traffic (plus some)?
Okay, fuck that. I renounce the use of e-mail.
Chas - The one, the only.
THANK GOD!!!
It's not up to the recipient, it's up to the recipient's service provider; most recipients have no idea what is or isn't happening to their email before they get it.
And we have lost a tremendous amount of functionality due to SPAM. There was a time not so long ago when I could send to a family member: email with an attached photo, email with an attached document, email sent from my own PC and handled with my own SMTP daemon, email that was only two or three lines long, etc.
Now all of these are likely to be rejected. Even plain text email sent with a large subscription SMTP server is now getting blocked by some friends and family members' service providers simply because the domain of the address (my personal web domain) is not whitelisted and this hits the SPAM score where it hurts. A phone call is great... unless you were hoping to do one of the many useful things you used to be able to accomplish by sending attachments (i.e. send an article you're working on to a friend to have them read it and mark it up with revisions before sending it back).
So I suppose your answer is that we should all get an @gmail.com account, have to use it via the Web interface to send plain-text only email with zero attachments that's at least five but no more than twenty sentences long and doesn't use the words "sex," "free," or "mortgage."
Fine, but don't pretend that email hasn't lost a significant amount of functionality due to SPAM or that these restrictions are being imposed democratically by the consensus of common users. Functionality has indeed been lost and the decisions are made by admins at major email providers trying to save costs and manage the tremendous problem that SPAM has become.
The proper solution isn't to filter more. The proper solution is the death penalty for SPAMmers. I'm quite serious. We execute far too many blue collar criminals in this world and not nearly enough white collar ones. SPAMmers should be first among these.
STOP . AMERICA . NOW
And best of all, a huge percentage of spam is now images that circumvent traditional text analysis.
Now look at that statement and think a little. How would we filter this? Gee.. a tough one... hmm...
Let me think about it...
(41 years 6 months 10 days later)
We'll filter e-mails with images! Who needs friggin images in e-mails anyway. They are used for few purposes:
1. newsletters (aka "nice spam"), but newsletters can learn to be leaner.
2. pointless (and huge) "image signatures" showing off your latest company logo. This practice should be shot anyway.
A big problem is spam sent to invalid users on a mail server which then has to be bounced to somebody else. I guess SPF might help that.
Force MS to provide free *nix based hardware firewalls for every Windows user in the world to prevent incoming connections unless the user actively consents. I believe that would cut down on at least 75% of the spam we see. A CD-based firewall would be best as it would prevent hackers from being able to do anything to the firewall that would be lasting. I also think that this will end the war in Iraq. But that's just me.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
http://www.winter2006.info/
Recently, jpeg images started to arrive. They are very very blurry, probably also in a try to fool OCR filters.
I'm not sure how or why, but I have images turned off in all my email software, I run 3rd party spam filters running on 3rd party spam filters and these emails STILL get through AND show their images. I tried making a custom filter for these particular messages and nothing seems to work. The images themselves aren't even seen as images in the messages, they are just text with some funky inline embedding. I honestly don't understand how they're doing it, but "Turn off images, duh!" doesn't work. Nothing works, which is partially why this is news.
replace it with a more basic system. Doesn't have to be secure, encrypted, anything. Make it text based, add warnings before opening a zip. Don't allow embedded images (make them attachments). Even better, split them so as to have a purely text based communications system and a ride-along attachment system. Text based communications would get heuristics scans and the attachment system would get warnings out the wazoo. Force some sort of co-dependency, i.e. you have to send a text based message in order to send an attachment. In order to open an attachment from an unknown sender, you have to click through precisely 42 warning windows placed randomly around the screen to get to it. If they're in your address book, they get expedited delivery.
Having a purely text based communications system would be good, require 2 addresses, one for attachments and one for text. If you don't get messages to both addresses, don't open them. This would cut down on broadcast spam as there would be so many clones of each message in order to score 2 hits, or it would cut down the incidence of randomly guessed e-mail addresses getting spam.
If a company has a spam problem, throttle attachments down or force them to go alternate route.
Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
Fighting the symptoms is futile. Just like we started out with open sewers until cleaning drinking water became too difficult. We had to go to the source and stop water pollution in the first place. That's what has to happen with spam. You can no longer distinguish between spam and genuine email at the point of delivery, but you can easily distinguish machines in your network which are a source of outgoing spam. In fact already most spam is being blocked by DNSBLs. But these are not concerted efforts and have problems being run by small private companies.
What we need is international collaboration. TLD authorities need to be held accountable for controlling their domain spaces. For this we need a new standard for the procedure of blocking domain ranges that are soliciting spammers that is both flexible and transparent. Then we can start to demand national authorities to implement such measures. Russia and the African countries aren't going to comply with some vague request by Europe and the US to curb their spammer infested networks unless there is a clear non-biased procedure for this that has been defined in an international agreement and which is backed by enforcement by credible organization such as WTO.
www.tribalnetworks.org - helping tribal people around the world to own their own means of high-tech communications
Statistics since Fri Dec 10 01:14:04 2004 (726 days and 15 hours ago)
[...]
Of 2097 items that were initially greylisted:
- 468 ( 22.3%) became whitelisted
- 1629 ( 77.7%) expired from the greylist
That's for my home box which only serves ME. Now, to make sense of the stats, one must take into account:
So, of the mail that made it past whitelisting ("unknown") AND made it past DNS-blacklisting, 80% was never seen again.
Then of the 20% that makes it through (the 468 over two years!), the percentage that isn't good, goes up against the spam filter in my mailer.
So to go back to the question in the article blurb... No, I have NOT noticed an increase in spam.
Belief is the currency of delusion.
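The greylisting mechanism discussed in this thread (temporary rejection of unknown senders, a static whitelist of known good servers, and an auto-whitelist, AWL), written out as an added example that is not taken from any commenter's mail server or from a real MTA. The delays, reply strings, class name and sample senders are assumptions; the counters mirror the "greylisted / whitelisted / expired" figures in the statistics quoted above.

```python
import ipaddress

MIN_DELAY = 300            # assumed: seconds before a retry of a new triplet is accepted
PENDING_TTL = 4 * 3600     # assumed: entries that never retry expire after this long
AWL_TTL = 36 * 24 * 3600   # assumed: auto-whitelist entries lapse if unused this long

TEMPFAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 2.1.5 OK"


class Greylist:
    def __init__(self, static_whitelist=()):
        self.static = [ipaddress.ip_network(n) for n in static_whitelist]
        self.pending = {}   # (ip, sender, recipient) -> time first seen
        self.awl = {}       # (ip, sender, recipient) -> time last seen
        self.stats = {"greylisted": 0, "whitelisted": 0, "expired": 0}

    def sweep(self, now):
        """Drop stale entries; a pending triplet that never came back counts as expired."""
        for key in [k for k, first in self.pending.items() if now - first > PENDING_TTL]:
            del self.pending[key]
            self.stats["expired"] += 1
        for key in [k for k, last in self.awl.items() if now - last > AWL_TTL]:
            del self.awl[key]

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to RCPT TO for one delivery attempt at time `now`."""
        self.sweep(now)
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.static):
            return ACCEPT                       # known good server, never delayed
        key = (str(addr), mail_from.lower(), rcpt_to.lower())
        if key in self.awl:
            self.awl[key] = now                 # refresh the auto-whitelist entry
            return ACCEPT
        first = self.pending.get(key)
        if first is None:
            self.pending[key] = now             # first sighting: defer and remember
            self.stats["greylisted"] += 1
            return TEMPFAIL
        if now - first < MIN_DELAY:
            return TEMPFAIL                     # retried too soon: keep original timestamp
        del self.pending[key]                   # proper retry: promote to auto-whitelist
        self.awl[key] = now
        self.stats["whitelisted"] += 1
        return ACCEPT


def simulate():
    """Replay a constructed sequence of delivery attempts against one mailbox."""
    gl = Greylist(static_whitelist=["192.0.2.0/28"])
    me, t0 = "me@home.example", 1_000_000
    attempts = [
        (0,    "192.0.2.5",    "news@partner.example"),  # statically whitelisted server
        (0,    "198.51.100.7", "alice@corp.example"),    # compliant MTA, first attempt
        (10,   "203.0.113.44", "x1@bulk.example"),       # sends once, never retries
        (20,   "203.0.113.45", "x2@bulk.example"),       # retries after 5 s, then stops
        (25,   "203.0.113.45", "x2@bulk.example"),
        (900,  "198.51.100.7", "alice@corp.example"),    # queue retry after 15 minutes
        (5000, "198.51.100.7", "alice@corp.example"),    # later mail: no delay any more
    ]
    replies = [gl.check(ip, sender, me, t0 + dt) for dt, ip, sender in attempts]
    gl.sweep(t0 + PENDING_TTL + 60)
    return replies, gl.stats


if __name__ == "__main__":
    replies, stats = simulate()
    for r in replies:
        print(r)
    print(stats)
```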
Run your own mail server. I had been doing this for years and my spam problem was almost non-existent. You can set your own e-mail filtering rules; it doesn't take very long till the spammer gives up when his spam bots keep getting 'REJECT' messages every time they send you something. For your average Joe twelve pack, someone like Linksys needs to offer some sort of 'easy to use' e-mail server appliance.
When spam is accepted but put into a special folder, it only helps to perpetuate the spam problem. Flat out rejecting the spam e-mail is about the only way to effectively deal with the problem. Spammers have effectively ruined the e-mail system, aside from shooting, lynching and torturing spammers; rejecting the unwanted e-mail is about the only answer.
"I bow to no man" - Riddick
Bill Gates had nothing to do with it. The correct information is widely available, were one to actually look for it.
/F
The very short form is a) 8086/8088 only had a 1M address space to start and b) IBM used the upper portion of it for BIOS, video, etc.
The first IBM PC came with 16K or of RAM (IIRC). 640K WAS a lot at that time.
Stupidity... has a habit of getting its way.
If it is really important they will phone. If it is really really important they will send the police.
Undetectable Steganography? Yep, there's an app fo
Ok, this has probably been suggested before, but let's say government starts regulating that ISPs do something about infected computers. I mean, if my home, or car, or place of business is taken over by criminals and used against others, the local authorities are quick to step in and fix that right?
This doesn't have to be an all out disconnect, but if someone is identified as having been hijacked, simply disconnect outbound mail traffic, or all outbound traffic for that user. Notify the customer, and give them X number of days to remedy the situation. If not then start charging them a premium.
Now the customer is not only motivated to fix the problem, they have been blocked from doing damage. Worst case, they are prevented from sending spam, and they pay a small premium for service.
This could be a gold mine for ISPs (not like they need it, but at least it's motivation to do something). Not only do they have authority to charge extra for a portion of their customers, they could even offer extra PC services to dis-infect customer PCs.
So, what are the downsides to an approach like this?
If everyone turned off images, html and anything else, we'd get text only spam instead.
The real problem is authentication in email. While mail servers accept email with any arbitrary 'from' address, this problem will persist.
I NEVER get spam. Seriously. I'm not kidding. I am not signed up for ANY newsletters, and the only email alerts I get are from MySpace and from /.
::shrug::
I had an angelfire account a long time ago (back before they were bought out by Lycos) That ended up getting flooded with spam, so I moved to hotmail. Prior to that though, that angelfire account was the single best email I had ever used.
But I digress. I have had my hotmail account for roughly 5 years now, if not longer...In all of that time, I do not get spam from anywhere. I visit "questionable" websites, etc...nothing.
Living With a Nerd
Bill gates IS the problem! All these botnets are using windows exploits to turn these boxes into spam barfing zombies. Do we see a trend here?!
I want to see an article which tracks down the people who respond to spam and make this thing profitable. I'm sure it will take some investigative talent to find people willing to admit their behavior, but that would be interesting.
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
There's not an upper bound to the amount of total email. If I get 25 legit mails and 75 spam, that makes email 75% spam. If the spam doubles, and I get 25 legit mails and 175 spam, that more than doubled the spam, but makes the total percentage 87.5% spam.
Anyway, I have enough reliable samples to know that the figure varies quite a bit from 30% to 90%, but the median figure is about 65%
Done with slashdot, done with nerds, getting a life.
"It's the market dummy"! 99.9% of all SPAM points to the person or business trying to get you to buy something.
You want to bring SPAM to a pretty much screeching halt? Don't prosecute the spammers, prosecute the companies that use their services.
It is easy enough to do. Simply set up a few accounts on various AOL, MSN, Hotmail, GMail accounts and let the SPAM roll on in. For every SPAM there is a good or service item trying to be sold. There is a company trying to sell it. Fine them $10,000.00 for every SPAM caught by these accounts. Put teeth into the law, "Oh Mr. Business person, you say you don't have that kind of money?, Well lets see your house, your buildings, fixtures, computers, etc. will be taken and sold to pay your fines, or maybe we will just put you in prison."
I think even Ron Popeil would think twice.
Hey KID! Yeah you, get the fuck off my lawn!
I don't mind the stock spams so much. Every time I see one I just think of the morons who actually read spam losing their money - it brightens up my day!
What I realize is the spammer who sent that message just made money so they can keep affording to do this.
I die a little inside...
Banning images/executables/whatever you like may seem like a good idea, but is it really the cause of the problem? Hell no. The problem is that a spammer can send e-mails and be for all intents and purposes completely anonymous and untraceable. They take advantage of open mail servers, hijack IP address space, and always find another way around the problems.
The real cause of the problem is that there exists no trust relationship between the senders and receivers of e-mail. There's no accountability when spammers send something, and until that is addressed, they will always find a way around whatever protections are put in place.
I have no proposed solution in mind, other than a nebulous thought about ISPs providing digital keys to their customers, thus identifying them as not necessarily "legit", but at least accountable. After all, if you're an ISP customer, chances are they have a postal address/credit card/other info that can be used to identify you to the proper authorities should you do something stupid. Will this solve the problem? Not completely, but it would set up two classes of e-mail -- those from customers of ISPs that have been digitally signed providing some assurance of accountability, and those from everyone else. After that it makes it much easier to filter out the good from the bad.
As I said, the above idea is somewhat nebulous, but I think in the end that whatever problems it may have are preferable to cutting off our noses to spite our faces (i.e. crippling a technology to address a non-technological problem).
Soon email will have a one cent charge and only be delivered from a verisign server.
.... subject says it all :-P
I have images turned off, and the .gif files get through. Also, lately I've noticed a rash of spam that has a chunk of that day's slashdot stories/headlines in the body of the email. I suspect this is to defeat the filters.
From the article:
"To relieve the pressure, the company took the drastic step of blocking all messages from several countries in Europe, Latin America and Africa, where much of the spam was originating."
That's what I do, except that I block the entirety of AFRINIC, APNIC, LACNIC, and RIPE.
No, I'm not trolling. No, I'm not a xenophobe (I have entirely satisfying memories of every country I visited during my military days). And I realize such a drastic strategy isn't suited for everyone (especially if you're running a business, or if you're otherwise not a middle-class American with no family abroad, as I am). But, I don't know anyone in any country which falls under any of those registries, don't do business with anyone in those countries, and if I ever do need to reach anyone there, it can be through mailing lists to which I subscribe.
Despite that, I'll still receive 3-10 spam messages a day from North American sources. But my procmail.log file typically contains entries for as many as 200 spam messages a day. When I do clear it out, I find that there's not a single message listed there that I would have wanted.
The spammers have won, as far as I can tell. The article did an excellent job of explaining why. Despite what I said a couple of paragraphs ago, my on-line world became much, much smaller, and that's sad.
Those who can, do. Those who can't, write technology blogs.
I use a macintosh, and SpamSieve as a spam filter, that just some months ago was 99.x like POPfile was, to the point I felt embarrassed (you know, "POPfile is open source, not yours, etc.")
:-)
Now, the image-spam impact on SpamSieve has only lowered its accuracy from 99.5 to 98.8%, which means the guy behind must have added plenty of other criteria
(these figures for only 300 spams a day, but on various accounts, and with as an extra constraint the fact I download only the first 5K of any mail before screening it)
Herve S.
Why shouldn't the ISPs pick up the ball here? The vast majority of spam comes from zombie boxes and botnets. The owners of the compromised boxes are almost universally unaware, don't know how to fix it, or don't care. An ISP can easily detect a machine sending tons of spam. Disable their account. Make it a law so they can't just get in a tiff and switch providers. Hell, I'd even be all for creating a international blacklist registry of "idiots who get rooted and need to be kept off the Internet."
And before anyone goes "but poor grandma doesn't know what's wrong . . . " Too bad. If a criminal gets ahold of my bank account and starts laundering money, the bank shuts it down. "I didn't know!" and "but banking's so darn complicated!" won't help me even if I can't comprehend a statement or check my account balance from time to time. Ignorance is no defense
(2) Run *NIX on (at least) one machine in your LAN. (3) Run Sendmail on that machine (or postfix, or whatever MTA you like).
(4) Listen to your wife and kids complain that their family/friends aren't getting e-mails from them.
(5) Correct the configuration on your MTA (oops - mea culpa).
(6) Listen to your wife and kids complain that they're not getting e-mails from their family/friends.
(7) Correct the configuration of your MTA (again).
(8) Listen to your wife and kids complain that they're still getting spammed into oblivion.
(9) Configure mail filters to hold the spam.
(10) Listen to your wife and kids complain that they're missing valid e-mails.
(11) (Repeat steps (8)-(10) recursively until (8) and (10) no longer happen.)
(12) ???
(13) Profit!^H^H^H^H^H^H^HRelax!
Everybody delivers e-mail messages through the SMTP server of their ISP. What is wrong with that?
Network administrators get thousands of connections from infected machines. They drop those connections, except the connection from the official SMTP server of that IP-block. If someone can't put aside their blind determination to ignore the SMTP of their ISP, or lack a damn good reason to send email directly, they deserve to get rejected by recipients. Politely sending a reject message back would double the bandwidth wasted on spam, nobody is waiting for that either.
The best way to accelerate a windows server is by 9.81 m/s2
I know people like to rant about the "spam problem" a lot, but for all practical purposes, the problem has been largely solved for several years now.
That's news to me. I work for a company that has about 700 employees. Up until a few weeks ago, we got nearly a million spams a day. For seven hundred people. Well over 97% of our inbound mail volume is spam, even now when the spam volume has fallen to about 300,000 messages a day.
I was using Symantec's Mail Security for SMTP product with optional Brightmail anti-spam as an inbound mail gateway for AV and anti-spam, but even with two servers in two different states (one in the West, one in the Midwest), we couldn't keep up with the load. We tried all sorts of things, but ultimately, even though we were successfully filtering over 98% of our spam, the sheer volume of spam effectively became a DDOS attack on our mail gateways.
We decided to move the spam-filtration to a third-party provider. We first tried a hosted service from a provider I won't name, but our spam loads were so crushing that we were actually asked by the product manager at the provider to point our MX records back to our own inadequate gateways. The poor bastard had to call me from his hotel in Sweden (in the middle of the night Sweden time), where he was on a business trip, to get me to aim the firehose somewhere else.
Finally, we settled on MessageLabs. The logfiles on my mail gateways had been approaching 1GB per day (combined for two gateways) before I pointed my MX records at MessageLabs. Now, my logfiles are about 12MB a day (combined).
So my spam problem is solved, right? Yes and no. Spam is no longer crushing my meager inbound mail infrastructure, but I'm paying close to $14k per year to get out from under the crushing spam load. So, yes, my spam problem is temporarily controlled, but it's a fantasy to say that means that spam is no longer a problem, or that the spam problem is solved. The spam problem is not solved, not by a longshot. Spammers are tricky scumbags, and they adapt. Email spam is still a huge problem and it's only getting worse, but the spammers have also moved into spIM and splogs, and who knows where else they'll go next? SpVOIP, anyone?
Wow. Spam gets blocked, so spammers find way around it.
OH MY GOD! THIS WAS SO COMPLETELY UNEXPECTED! Next you'll be telling me that virus-writers are going to start looking for other security holes after the one they exploited before was fixed!
Planet Zebeth - Metroid with a twist
1. Most of this spam is coming from hijacked home computers. ISPs should recognize when one of their users is a spam factory and cut their connectivity till the computer is fixed.
2. Aggressively prosecute spammers, wherever they are. If the law doesn't let you do that, change the law. If there is no way to do that, I'm in favor of killing spammers and destroying their property, preferably at the same time.
Spamming has gone far past annoyance. Lots of people depend on timely reliable email delivery for their living. Spammers aren't just hurting email, they are killing email. They are killing smaller ISPs who cannot afford the more expensive anti-spam solutions.
I say Death to the scum! I'll even pay the first day's rent on the woodchipper.
So how difficult is it to analyze these botnets to find out where they are calling to get their commands and block it? If they are using "public" IRC servers, just block them until they get rid of these channels.
HTML is obsolete. It's time for a new, simpler and richer markup language.
...if mail was held on the originating site until requested by the recipient. If I can type in an http address and almost instantly pull up a site I've never visited, I should be able to make a mail request and pull up an email I want without too much delay. Just send the header information (title, sender, size, IP address, etc -- 256 bytes would be more than sufficient), and when I double click on the title, have the full message come up.
The upside is that botnets would be less effective, because even if the trojan grabbed the existing IP address, it might be dynamically assigned, and even if it doesn't change, spam can't be served if the zombie computer is shut off.
Combine this with whitelists/blacklists, and you could probably drop hyper-aggressive scanning techniques and still have very few spams show up.
Anyone got a procmail that just deletes everything with a GIF attachment???
Red to red, black to black. Switch it on, but stand well back.
That comes to $200 per employee per year. How much is your employee's time worth? How much would be lost on paying employees to filter their spam themselves or having lots of false positives?
This is exactly what I was talking about. You are being penny wise and pound foolish if you don't think that $200/person/year is cheap. As you admit, the spam problem is largely solved for you.
OK, but here is the important point. If everyone in the world took as much effort to solve the spam problem as you, and many others, already do, then spam would largely disappear and spam filtering wouldn't be so expensive.
SPF support for most open source mail servers can be found at libspf2.
Rename the zip to .txt.
I used Gmail to store my homework. This required me to send zipped solutions (VB.NET and C#) which included exe files. Renaming the zip to txt lets you send the files. It is rather annoying.
"It ain't a war against drugs.it's a war against personal freedom" --Bill Hicks
You speak from my heart!
I used to relay my mail myself as well, but no more....
Martin
We're all frogs being boiled alive because we kept getting used to the temperature as it went up.
When and why did we accept needing elaborate programs to throw away our email before we looked at it? When and why did we accept not being able to send files in email, after spending years defining and implementing MIME?
There have been cities that got so accustomed to street crime that people started blaming the people who got attacked instead of the criminal. When and why did we get to the point that someone could tell a normal (and savvy) user of email
>You don't have to be a complete fucking tool you're entire life you know.
?
Not that I have a solution, I'd be out getting rich if I did.
I run a small mail server for friends and family and have been trying to tackle the recent rise in spam. Here is an article detailing some of the causes.
http://www.eweek.com/article2/0,1895,2060235,00.a
I believe it was also listed as a slashdot story.
I was trying to think of solutions concerning this particular problem (spammers utilizing IP addresses from virtually anywhere in the world where there are virus infected machines).
One partial solution that AOL and Microsoft have been putting forth is
http://www.openspf.org/dns.html
but this is mainly for dealing with spoofing the mail from of the email. The other problem is it works best if everyone buys into the system.
I had an idea for a similar tactic that would apply to eliminating spybot emailing nets.
What if, when you registered a domain, you had to also put in a record that identified your mail servers. It would be very similar to how you put in DNS servers that handle a domain.
Then it would be trivial to have receiving mail servers to do a DNS check to see if the ip address of the mail they just received was in the DNS records.
Now, granted, this would not prevent a spammer from buying a domain and setting up their own servers. Or from hijacking someone else's servers. But it would go far toward eliminating people that have had their computers infected with a virus and are unknowingly sending out spam.
The problem I see with this solution is it would be additional work for the registrars and there is little monetary incentive for them to set it up. And all the design implementations that would have to be worked out.
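The lookup this comment proposes, a receiving server asking DNS which IP addresses a domain has published as its mail senders, is what the SPF record linked above provides. An added example, not part of the original comment: it evaluates the `ip4`, `ip6` and `all` terms of an SPF record against the connecting IP. The domains, records and addresses are constructed, and a dict stands in for the DNS TXT query.

```python
import ipaddress

# Constructed records using documentation address ranges; the dict stands in
# for the DNS TXT lookup a receiving mail server would perform.
SAMPLE_TXT = {
    "example.org": "v=spf1 ip4:192.0.2.0/28 ip4:198.51.100.25 ip6:2001:db8::/32 -all",
    "example.net": "v=spf1 ip4:203.0.113.7 ~all",
    "example.com": "unrelated TXT record, no SPF policy",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_sender_ip(domain, client_ip, txt_records=SAMPLE_TXT):
    """Evaluate client_ip against the domain's SPF record.

    Returns pass, fail, softfail, neutral, none (no policy published),
    permerror (malformed record or address) or unsupported (a term such as
    include/a/mx that needs further DNS lookups, left out of this sketch).
    """
    terms = txt_records.get(domain.lower(), "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return "permerror"

    for term in terms[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":                    # matches every address
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "unsupported"
        try:
            net = ipaddress.ip_network(arg, strict=False)
        except ValueError:
            return "permerror"
        if net.version != int(name[2]):      # ip4 term must carry an IPv4 range
            return "permerror"
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"                         # no term matched, no "all"


def demo():
    """Three connections, all claiming a sender at example.org."""
    return {
        "published relay": check_sender_ip("example.org", "192.0.2.10"),
        "infected home PC": check_sender_ip("example.org", "203.0.113.77"),
        "IPv6 relay": check_sender_ip("example.org", "2001:db8::25"),
    }


if __name__ == "__main__":
    for who, result in demo().items():
        print(f"{who:18} {result}")
```

A `fail` result only says the connecting address is not one the domain published; as the comment notes, it does nothing about a spammer who registers a domain and publishes a record for their own servers.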
Sure spammers scan sites and lists for email addresses to use. But one thing that even white lists won't avoid is when you opt into Barnes and Noble's book of the month email list, and then B&N, per terms of the opt-in agreement, can sell your email address to affiliate parties (i.e. anyone who wants to pay).
My thoughts: for announcements, go to the web site; everything else, put on a white list. No one gets in unless you've allowed them. Pain in the ass? You betcha. But if you want less spam, it's the way to go.
There is exactly one way to stop spam that will be effective. We just have to make it non-economic. That is, the cost of sending a spam email must be greater than the expected value of sending it. This implies that the cost of sending a spam email must be greater than zero.
Suppose each ISP were to limit the number of emails that could be sent by a subscriber account in one month. A monthly ISP subscription might include sending a few thousand emails. If the subscriber wants to send more, he/she could pay more money to the ISP for a higher subscription level. If port 25 is also blocked at the routers, then the ISP can effectively limit the number of emails that one subscriber may send "for free".
The carrier interfaces are more complicated, but the same principles apply. Each ISP should pay the other ISPs according to how many emails it sends. When two ISPs, X and Y, exchange emails, the number sent (X->Y) and the number in the reverse direction (Y->X) are usually roughly even. If the two ISPs each pay the other according to how many emails they each send via the other, the net of the two invoices will be small in most cases. An occasional large settlement invoice would give the offending ISP an incentive to find and shut down the spammers among its own subscribers. While there are lots of details to be worked out, the basic mechanism of carrier settlement is well understood in the telecom industry.
The key concept is that email should not be free. The cost of email should be paid by the sender. By including some number of emails in the monthly ISP subscription, the cost to the average consumer or small business can be negligible. The businesses that use lots of email will have some costs, but will also obtain benefits, because employees will spend less time reading/deleting the spam.
If the cost of sending a million spam emails exceeds the profit that is expected from sending them, the worst of the spammers can be effectively shut down. Advertising will continue to exist, of course, at almost any price point. It will just be more targeted, like snail mail. I don't mind a few targeted direct-mail pieces most days, as long as they really are targeted, and there are only a few of them.
The solution of filtering the emails is a losing battle. The Botnets need to be stopped. Last mile ISPs need to start shutting down the connections of spam-generating hosts. With the ever-increasing volume of spam it's going to be in their best interests to do so soon anyway since they're putting up with such a heavy load of the spam.
Unfortunately this would have to be a worldwide effort to be effective and I still can't imagine TimeWarner or Cox starting to flip those switches within the very near-term.
- MM
Ummmm, yes. If you choose that method.
Or you can use one of the available web-based services.
Or you can pay for your own domain name and move that around.
Each method has its advantages and disadvantages. You just choose the method that works for you and the people you want to contact.
Okay
I don't think you understand.
As long as the person/company/whatever that is hosting your domain is competent enough to setup DNS, rDNS and your MX records correctly, and is not hosted off of someone's home Comcast link, there wouldn't be any problem with your email being received here.
Gates also missed the start of the Internet, and had to scramble to retrofit support for it in Windows.
What needs to happen before people stop thinking of this monopolist less as a visionary, and more as the drain on corporation finances that he is?
I'm serious. You get caught sending out peni$ advertisements, or any of the other unsolicited crap, you go to court, and you face the death penalty. Period. Tell the liberals to shut up and go lay down. Tell the ACLU to shut up and go away. I'm tired of it. 58 spams today, and it's not even lunch.
90% of the spam I receive consists of senseless sentences, and images with almost equally senseless sentences in them. The vast majority of the time, I have absolutely no idea what the spammer even wants me to be doing. I can't distinguish any potential scams, products, viruses, etc. Perhaps GMail is removing viruses from the e-mails before they reach my spam folder, but I really don't know what these e-mails are supposed to be doing.
WOOOSH!
It seems like all the ones I get look like the one on Wikipedia's Captcha page, with randomly colored lines sprinkled throughout. It seems to me (not even a novice on image recognition) that "confetti" like this would be easy to detect.
How about a new TLD - .mail
Existing domains such as xyz.com can automatically get their xyz.com.mail domain.
When they get their domain they get a signing certificate which allows them to create as many email authenticating certificates as they need for their domain.
However, in order to get the certificate they would need to authenticate themselves in the real world.
All internet mail moves to an authenticated / encrypted system and anyone caught spamming with one of these domains goes into a certificate revocation list.
OK, it's more or less Email V2, but it might be more spam proof, no?
And it would work with existing email servers.
OK, these picture spams are yet another big hassle, but I think in the mid-term people will be aware that this is 90% scams (the remaining 10% being illegal at best) and stop falling for it, however stupid they were at the beginning.
The spam-business must already see its margins greatly erode; only increased volumes keep them afloat.
How about Viagra and other pills?
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
They appear to be sending the same spam to thousands of people.
;).
;). A relative used to send a lot of that sort of junk, the signal-noise ratio got so low that I was tempted to add said relative to my blacklist.
So what ISPs/mail providers can do is to set up decoy email addresses that nobody but spammers send email to.
If an email arrives at a decoy address and arrives at the mailboxes of 1000 other users, then it's likely to be spam, so increase the spam score of such emails.
Mailing lists can be whitelisted fairly easily - since the decoy email addresses wouldn't be subscribed to mailing lists.
After whitelisting mailing lists you might be able to use some unfortunate users who get tons of spams as "canaries", anything they get that's not mailing list, that's received by other similar users is likely to be spam
The problem with this approach is it could increase latency - you may have to wait a certain secret time period before you deliver. Of course you could also choose to not delay any emails at all, in this approach the marking happens once the threshold is hit, but some users could have downloaded their emails before the offending mail is marked.
Google probably does something like this. Yahoo might.
The other potential problem is false positives when friends/relatives/etc send those chain emails/jokes or hoaxes... That said, some might not see those as false positives
Countermeasures: spammers could gradually identify such decoy/canary addresses and treat them specially. Counter-countermeasure - as long as the emails are not really unique per mailbox the ISP can still identify them. Unique per user captcha style images could be a problem.
The problem I see is many spammers could actually be making money from sending spam for people who think that paying people to send spam for them will make them money. As long as there is a supply of such "customers" the spammers will still send spam even if nobody actually reads the spam (due to the images and messages getting unreadable).
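A sketch of the decoy-address scoring described in the comment above, as an added example that is not part of the original post. The decoy mailboxes, list identifier, threshold and penalty are assumptions, and the deliveries are constructed sample data. It also shows the latency problem the comment raises: copies delivered before the decoy and the threshold are hit go out unmarked.

```python
import hashlib
import re
from collections import defaultdict

DECOYS = {"trap1@isp.example", "trap2@isp.example"}  # hypothetical decoy mailboxes
WHITELISTED_LISTS = {"announce.lists.example"}       # hypothetical List-Id values
BULK_THRESHOLD = 3      # distinct real recipients (the comment suggests 1000)
DECOY_PENALTY = 5.0     # assumed spam-score increment


def fingerprint(body, recipient):
    """Hash the body after removing what a spammer varies per recipient."""
    text = body.lower().replace(recipient.lower(), "")
    text = re.sub(r"\d+", "", text)            # counters, random numbers
    text = re.sub(r"\s+", " ", text).strip()   # whitespace padding
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


class DecoyScorer:
    def __init__(self):
        self.recipients = defaultdict(set)   # fingerprint -> real recipients seen
        self.hit_decoy = set()               # fingerprints that reached a decoy

    def score(self, recipient, body, list_id=None):
        """Spam-score increment for one delivery, decided at arrival time."""
        if list_id in WHITELISTED_LISTS:     # decoys never subscribe to lists
            return 0.0
        fp = fingerprint(body, recipient)
        if recipient in DECOYS:
            self.hit_decoy.add(fp)
            return DECOY_PENALTY             # nothing legitimate goes to a decoy
        self.recipients[fp].add(recipient)
        if fp in self.hit_decoy and len(self.recipients[fp]) >= BULK_THRESHOLD:
            return DECOY_PENALTY
        return 0.0


def run_sample():
    """Score a constructed delivery sequence; returns [(recipient, score)]."""
    spam = "Hot stock tip #{n}: XYZQ is about to take off, {rcpt}!"
    deliveries = [
        ("alice@isp.example", spam.format(n=17, rcpt="alice@isp.example"), None),
        ("bob@isp.example", spam.format(n=42, rcpt="bob@isp.example"), None),
        ("trap1@isp.example", spam.format(n=3, rcpt="trap1@isp.example"), None),
        ("carol@isp.example", spam.format(n=99, rcpt="carol@isp.example"), None),
        ("dave@isp.example", spam.format(n=8, rcpt="dave@isp.example"), None),
        ("alice@isp.example", "Lunch at 12?", None),
        ("bob@isp.example", "Weekly announcements", "announce.lists.example"),
    ]
    scorer = DecoyScorer()
    return [(rcpt, scorer.score(rcpt, body, lid)) for rcpt, body, lid in deliveries]


if __name__ == "__main__":
    for rcpt, score in run_sample():
        print(f"{rcpt:20} +{score}")
```

In the sample run alice and bob receive the stock message with no penalty because it had not yet reached a decoy, while carol and dave get it marked. The fingerprint only survives per-recipient variation that the normalisation strips, which matches the comment's point that unique per-user images would defeat it.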
>Everybody delivers e-mail messages through the SMTP server of their ISP. What is wrong with that?
Here is the problem. My ISP will only allow me to send email through their SMTP server as long as I am ON THEIR NETWORK. So if I'm at home, no problem, I can send email.
But if I'm on the road, and I plug into someone else's network, I can't send email using my ISP's SMTP server.
Steve
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
No filters (text or otherwise), no false positives, hundreds of spam messages arrive at my server every day, and approximately 1 a day gets through. I can live with that. Sometimes, a legitimate email will get delayed by several hours. Since I often don't check my email for hours at a time, I can live with that too.
I'm sure there must be some problem that keeps this solution from being widely deployed. But if you're geeky enough to run your own mail server, give it a try. It sure beats fussing with all those filters and crap.
Has there been an increase in spam? Huh. I didn't notice.
Spam couldn't possibly work. No one buys spam products. But think about it -- spam costs almost nothing to send. I think spam is designed to desensitize people so they're more susceptible to things that DO make money. Year after year, people are bombarded by pump-and-dump, porn, unregulated drugs, credit scams, mortgage scams. Look at the garbage that spammers dish out. There's nothing legit about any of it. Surely that affects recipients' minds? Then when they're confronted with a moral choice or choice about what web site to patronize, aren't they just a little bit more likely to make a bad decision, and patronize a scammy web site? All the years they've been bombarded with spam has to numb people, just a little. The way to get rid of spam would be to have a Great Awakening revival and get rid of lotteries, gambling, porn, alcohol, etc - what used to be classified as immorality - spammers are just the absolute bottom feeders trying to promote the immoral lifestyle. No one cares if you buy blue pills or get a mortgage from a spammer - spammers are bottom feeders and dupes - what the real world of immorality (including organized crime) wants is a lot of people who have a susceptibility to their message, who are predisposed to make bad moral decisions. Spam could be classified as a meme - a thought virus or thought cancer that attacks wholesome, moral thoughts. I'd love to see research done in this area, too.
My numbers have increased over 500% in the last couple of months but then Sunday and Monday nights I have a 500% decrease in the number of rejections which is weird! I probably shouldn't hold my breath though it will no doubt come back...
Mac out!
Gmail is the only service that works. The success rate has risen to about 99.5% for me - rejecting 150 to 250 spams per day out of 30 or so legit emails, one or two spams get through per day, and no false positives, ever.
It is simply leverage. At a small company where I used to work where the CEO blew his top every time he got any spam, there was a guy who basically worked half time examining his mail for spam. It's a labor intensive process. Gmail has millions of users, and probably a whole floor of people tweaking rules full time. Gmail will always be better.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
I think that if all ISPs turned off their spam filters for one month, then that would get people off their asses to do something about spam. I'm spending way too much time and money dealing with spam, and I'm about ready to just shut the mail server and clients off. I'll just go back to telephone and fax to solve the problem.
The above is not worth reading.
I've noticed that my AT&T/SBC/Yahoo email spam filter seems to be fairly effective at filtering out junk mail. However, sometimes messages slip through that seem much more "spam-like" in nature than some of the sneakier ones it catches.
That leads me to wonder... Does anyone know if their filter intelligently marks new, incoming mail as "spam" if it knows identical matches to it already exist in more than X number of user's junk mail folder on their servers?
Especially for a larger ISP, this would seem like one of the most effective methods of spam control. Let users mark mail as spam, and then block all future occurrences of the same message as spam for everyone else. Unfortunately, that seems to require the use of a web mail interface right now, but maybe they could develop little plug-ins for common mail clients like Outlook to do the same thing?
How can I make Outlook 2000 delete any email with an embedded image? 99% of the emails I get with pictures in them are crap. They are either spam or some stupid joke I've already seen.
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
This is not a direct spam sent to my email. My SpamAssassin setup takes care of those.
These are spam sent to someone else with a FROM or REPLY-TO address as my email. Most of the time the sender's address doesn't exist (they use dictionary words), the mail bounces back to me. Sometimes the mail is flagged as spam and I get a warning notice 'not to send spam'. I know it is a dumb program at the other end, that believes FROM line can't be forged.
I report spam to SpamCop, and use it as a high-score rule in my SpamAssassin setup. But these 'bounced' or returned messages are hard to filter, b/c they are 'unable to deliver' messages.
I am sure I am not the only one getting this. Any ideas how to combat this?
My setup:
personal domain ------fetchmail ----> local postfix ------> procmail / SpamAssassin ----> BINC IMAP server
Thanks!
The article mentions a (now failed) technique that generates signatures for each message and ignores any future messages that have the same sig. That technique can now be circumnavigated by adding random specks, dots and lines to subtly change the image. What would be interesting to try as a filter is the Fourier transform. A 2D FT of these spam images would generate the same signature despite any randomization. That would allow for the generation of signatures unique to a group of very similar spam messages that used images. What's also interesting is that the FT of an image with the word "Viagra" would generate a FT signature comparable to one that had "viagra" "vi*gra" in any orientation, color or weird background image.
The article and many responses focus on how hard it is to filter image spam. The images are specially crafted to defeat OCR, and it is difficult to match keywords.
However, the recent spam flood has other properties: it is all sent via compromised Windows machines on residential cable/adsl connections, using very poorly written SMTP client software.
When you look at the SMTP protocol level, they are very easy to identify and filter, due to the many subtle SMTP protocol errors.
You do not even have to get to the DATA phase.
So, don't focus too much on message content. Look at what you can do in the SMTP server itself.
The telcoms sell bandwidth to bulk emailers.
So they are already paying to send their emails.
Email is not free, it's part of my subscription price.
Also your solution does nothing for overseas emails.
I understand the appeal of this idea, I promoted it once myself, but after talking to people and thinking about it, all it does is limit the average legitimate user and does nothing to stop spam.
The Kruger Dunning explains most post on
I'm running postfix on my personal mailserver and started getting these image spam. I added these lines to my main.cf and poof most of them went away.
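# Require a HELO/EHLO command before MAIL FROM.
smtpd_helo_required = yes
# Reject HELO names that are malformed, do not resolve, or are not fully qualified.
smtpd_helo_restrictions =
    permit_mynetworks,
    reject_invalid_hostname,
    reject_unknown_hostname,
    reject_non_fqdn_hostname
# Require RFC 821-style envelope addresses.
strict_rfc821_envelopes = yes
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination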
Most of you should be able to tell what this does. Basically, if you don't have a fully qualified domain name then I don't want to talk to you. Since most of these bots are running off of machines that don't have fqdn then most of this shit is dropped at the front door.
This solution is not perfect, some still gets through but it's only one or two a week. Those that do are easily blocked in header_checks or body_checks. I only run a small personal server that gets about 10 emails a day so I don't know how well this would scale up.
I may not know now but I plan to find out how it will scale up. I've convinced my company to let me switch the mail servers to postfix and put this in place. We get 300,000+ emails a day, 1.5 GB a day, and 80% of that is fucking shit.
My opinion is if you want to host your own server then you should have a fqdn. Domain names are cheap now, around 5 bucks for 2 years, so there is no longer an excuse not to have one. By simply rejecting email from "illegal" senders we can kill most of the functionality of these bots.
And if your ISP doesn't let you register your own domain? Tough, find one that does if you want to host your own mailserver. Otherwise use your ISP mailserver and shut the hell up.
Supporting World Peace Through Nuclear Pacification
I know, I know, you are probably breaking your monitor in a foamy rage of self-righteous shoot-the-messenger.
But hear me out. If spammers had to spend lots of money to send spam, they wouldn't do it. If people knew they would be charged a penny for every e-mail sent through their zombie-bot system, they might take better care of it.
I certainly wouldn't miss the $1/month I spent on penny e-mail if I got 0 spams.
Peter predicted that you would "deliberately forget" creation 2000 years ago...
You may be thinking "Ah but I'm not a business" -- possibly not, in which case your ISP should be doing it. If you ARE an ISP, my guess is that in a few years' time it'll be just another line item making up your $10-20 / month access and bandwidth charges - along with filtering bogons and aggressive attackers, it'll be just another routine part of the service decent ISPs provide.
The OTHER simple solution is to use Gmail :)
Like Spamcop that m0r0ns use to blacklist some of my favorite newsletter servers. Usually because the lamer is too lazy to unsubscribe. Then I have to take the time to whitelist what I want and they don't.
Spamcop even listed CNet the other day. Sheesh. Does CNet spam anyone without their permission? Maybe.
Ack. Nevermind. Ranting about RBLs is passe. We oughta be smacking the spammers, but more to the point, we oughta be smacking the ADVERTISERS!
-rick
deleting the extra space after periods so i can stay relevant, yeah.
I think his logic was more along the lines of driver's ed. classes than seat belts or air bags.
I [may] disapprove of what you say, but I will defend to the death your right to say it.
Just set up authentication on your server and smart host out through your ISP. On the road you connect and authenticate to your mail server, it takes the message and relays out through your ISP's SMTP server.
"640 spams a day ought to be enough for anyone."
--Bill Gates
I don't know what all the fuss is about. SpamAssassin sucked for me, so I switched to DSPAM a week and a half ago. My web quarantine interface reports these figures:
Overall accuracy (since start) 99.182%
Detailed figures since start:
Spam Ham
121 spam missed, 60 ham missed
18787 spam caught, 3158 ham delivered
99.360% spam caught, 1.865% ham missed
DSPAM is catching image spam sent to mailing lists that I'm on, as well as directly to me. I haven't seen a false positive since the first week of training. This NYT article is just a sob story for companies who are selling bad technology.
|/usr/games/fortune
Best solution for me is to let Thunderbird filter out the spam. I get some spam classified as legit, and very seldom legit mails flagged as spam. The last few weeks the condition worsens though.
Yes, I think a few high profile example sentences for spammers would help tremendously.
!ERR: Signature not found.
I remember reading a while back a long time ago about some worm that someone created that went around patching vulnerabilities on the computers it accessed. Couldn't we do the same to close off botnets?
Hey Wayne, multiply that $200/employee/year by, let's say, 50 million people in the US who use email in their workplace. Not such a small number anymore, is it? You're right that dealing with spam isn't terribly expensive for any single company, but for the US economy as a whole, it's a multi-billion dollar problem.
We're already seeing the after-effects of "everyone in the world taking as much effort to solve the spam problem". The spammers have doubled their throughput over the course of a couple months and started using CAPTCHA techniques to bypass filters. No, I think it's going to take some serious international strong-arming ("We're going to impose tariffs on your exports until you start arresting spammers") to deal with it this time. You can't use a technical fix for a social (or in this case, criminal) problem.
Causation can cause correlation
For all the benefits of HTML in mail and inline image attachments, the spam problem has made them more headache than they are worth.
Sure you can still send spam with plain text email and no images, but the statistical filters are going to be much better at catching it. I've SERIOUSLY thought about rejecting/trashing ALL incoming HTML mail, or having an auto reply that sends back to senders informing them to re-send their mail as plain text (nicely of course) as no HTML is allowed.
To whatever extent a technical solution can be effective here, it will probably need to be one like you describe. Spammers will surely try to degrade such systems as much as they can though, with tactics like complaint floods, bogus certifying authority injection attempts, etc.
This guy has a good idea that could probably be paired with a Certified Email system to enhance its effectiveness:
Design of a DDoS Attack-Resistant Distributed Spam Blocklist -
http://www.sysdesign.ca/archive/blocklist-presentation.pdf
If in addition to blacklists, you could enhance that sort of system with various subscribable whitelists, trust lists, and ranking reports for certifying authorities, etc., then maybe we'd have a viable technical solution -- derisive form letter notwithstanding.
Pi Ran Out
Yeah, I know, it's probably unconstitutional and all that jazz, but who hasn't been mad enough to want to see spammers get 40 lashes in the town square?
(Cue the "Your post advocates a (X) vigilante approach to spam which won't work because: ..." :)
Honey pots for attracting spam seems to be a good option if we want to study the behaviour of spams. I am willing to host a .com with a mail server running on it to attract spams. I would need ideas as the best ways to attract spammers to spam to my domain without them knowing that this is a honey pot. Spammers either harvest email addresses or randomly guess them out. In any case I would need them to know my domain so that they can spam me (sounds absurd, but this would be a lot helpful in understanding spam).
I would like the spammers to know that there is a mail server running holding a lot of people's mail boxes.
In short I need suggestions as the best way to publicize my domain or publicize email addresses for that domain
Thnx
I'm pretty sure that there are several solutions, which are possible without losses of functionality. I.e. servers could use authentication with certificates, then all those infected Windows PCs would no longer be able to work as relays. And those servers, who send spam, have their certificate revoked. This has a lot of disadvantages - you need a CA and a lot of bureaucracy to handle the certificates. But it would solve a lot of problems. And I'm sure that there are some other solutions. But I also think that right now using email is so annoying like never before - especially if you don't have a perfectly configured server, and an email client without spam filter (i.e. SquirrelMail). I hope that some decision makers finally band together and make a disruptive step, so finally email becomes usable again.
It is still $200/employee/year, which is far far less than many other costs. The "spam problem" is no worse than the "heating/airconditioning problem", as far as costs go. Would any company seriously consider not heating/cooling their work place to the point of hurting productivity just because it costs a couple hundred per year per employee?
I guess I should have been clearer in my original post. The solutions to the spam problem have largely been known for many years now. What needs to happen is for wider implementation of those known solutions. Image-only spam has been around for years and it was predicted that once things like bayesian filtering became common, that this is the direction that spammers would move to. This is simply causing the anti-spam field to shift from "content-analysis" to the "sender's reputation" model. Only now, the industry has much better feed-back loops to let people know that a sender is sending unsolicited (or at least unwanted) email, and that they are sending it in bulk.
I never said that protecting your inbox from spam would be cheap, just the opposite, I said it would cost but that you shouldn't be penny wise and pound foolish. I also said that senders need to become much more careful about what they send, or they won't get their email delivered. However, as you say:
Agreed, this is another part of the spam solution. Law enforcement simply hasn't caught up with this new type of criminal activity.
SPF support for most open source mail servers can be found at libspf2.
And the problem is that it appears to work. For giggles, I've tracked a couple of these stocks. If you don't get too greedy, and get out before the spammers (presumably holders of large blocks of stock) dump, you can actually make a good return.
You should revisit your data, and reread the article. The "problem" is that the scammers buy the stock pre-scam, and dump immediately at the first sign of a price blip. When I plug whichever penny stock into Yahoo, the price spike has always been a day or two in the past by the time my server receives (nevermind by the time I read) the spam touting it, and hasn't lasted more than a few hours.
So if you, as a spam recipient, play along with their stock game, you can make money, while helping drive up the price for the spammers to make their profit.
No you can't, unless you are "lucky" enough to be among the first recipients of the spam, and act upon it immediately. Depending on the number of shares outstanding, it may well be your buy of maybe $500 to $1000 that triggers the scammer's sell order. Face it, this is a total non-starter. Research already suggests that the scammers are only netting about 5%, which means they're doing about as well as a successful day trader, with only a little less effort. Since you will be in a reactive mode, you will be putting in more effort with significantly greater risk.
Luke, help me take this mask off
- Basic DNS checks - Set your MTA to do soft rejections (i.e., 4xx) for these. DNS occasionally has transient outages, so a soft rejection code based on a failed DNS test tends to be the Right Thing[tm] to do.
- Reject e-mail from unregistered IP addresses - Legitimate e-mail senders who really want to communicate with the rest of the world tend to have A and PTR records set up correctly. Conversely, illegitimate e-mail senders tend to be really lazy about that sort of thing.
- Reject e-mail from hosts that announce themselves with valid but unresolvable names in their HELO/EHLO statement - RFC2821 ("Simple Mail Transfer Protocol") is pretty clear on this in section 3.6, which says unequivocally that only fully qualified domain names (FQDNs) be used in SMTP. Specifically relating to the opening SMTP statement, it says: "The domain name given in the EHLO command MUST BE either a primary host name (a domain name that resolves to an A RR) or, if the host has no name, an address literal as described in section 4.1.1.1." So, a host announcing itself with HELO smtp.uswest-qwest.com should have its attempted deliveries rejected.
- Reject e-mail from hosts that announce themselves without using an FQDN - Again, FQDNs are required by RFC2821. Another way to look at this is the system announcing itself as HELO friend is not your friend.
- Reject invalid hostnames - Sometimes hosts will connect with things like HELO -1210690416. That's not a valid hostname, so it should be automagically rejected.
- Reject e-mail from hosts claiming to be you - A large number of spamming and malware-sending hosts announce themselves with HELO and the IP address, domain, or hostname of the host to which they're attempting to deliver e-mail. Any host that isn't your host is lying; don't listen to it.
- Greylisting - Enough is written about this elsewhere. I like it, and think it's remarkably effective. Some people don't. YMMV.
- DNSBLs - Consider using them. Spamhaus (sbl.spamhaus.org) tends to be fairly conservative. NJABL also seems to be effective, and quick to adapt to spammers who use dialups, dynamic DSL connections, etc. If you don't use them directly for making blocking decisions, at least consider using them indirectly as weightings for spam filtering packages like SpamAssassin.
- Reject before queueing - If your system can handle the performance hit, consider scanning and rejecting (as appropriate) e-mail before it's queued. This keeps it completely off your system. Note, however, that this method has a huge performance hit, and is unsuitable for high-volume sites. Benchmark carefully for your own network.
- Use your logs to improve your firewall - I have a firewall table called "ANKLEBITERS" which is used in a firewall rule that blocks traffic to and from hosts in that table. Hosts which abuse my mail server in the ways listed above tend to find their way into that table, and entries are automagically flushed after a few days. This has had the effect of dropping the number of e-mail connections rejected by my MTA from several thousand per day to about 200/day, since the MTA doesn't see attempts blocked by the firewall.
As a result of filtering like that described above, about one in three thousand messages in my inbox over the past 6-12 months has been spam.
All the internet routers need to have port 25 proxies that filter for spam. Simple.
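The HELO/EHLO checks from the Postfix settings and from the checklist above (invalid hostname, non-FQDN, host claiming to be you, unresolvable name, soft rejection on DNS trouble) can be sketched as one decision function. This is an added example, not code from any commenter or from Postfix; the receiver identity, the addresses and the `resolve` stub are constructed, and the action and reason labels are this example's own.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed receiver identity and DNS data (documentation ranges only).
MY_NAMES = {"mx.example.net", "example.net"}
MY_IPS = {ipaddress.ip_address("198.51.100.25")}
MY_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
ZONE = {"mail.example.org": ["192.0.2.10"]}
DNS_DOWN = {"slow.example.com"}  # names whose lookup times out


def resolve(name):
    """Stub resolver: list of A records, [] if none, LookupError on timeout."""
    if name in DNS_DOWN:
        raise LookupError(name)
    return ZONE.get(name, [])


def literal_ip(helo):
    """Address inside an RFC 2821 address literal such as [192.0.2.1], else None."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return None
    inner = helo[1:-1]
    if inner.startswith("ipv6:"):
        inner = inner[5:]
    try:
        return ipaddress.ip_address(inner)
    except ValueError:
        return None


def check_helo(helo, client_ip):
    """Return (action, reason); action is 'accept', 'reject' (5xx) or 'defer' (4xx)."""
    if any(ipaddress.ip_address(client_ip) in net for net in MY_NETWORKS):
        return ("accept", "mynetworks")
    name = helo.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    if not name:
        return ("reject", "helo-missing")
    if name.startswith("["):
        lit = literal_ip(name)
        if lit is None:
            return ("reject", "helo-invalid")
        if lit in MY_IPS:
            return ("reject", "helo-claims-to-be-us")
        return ("accept", "address-literal")
    try:
        bare = ipaddress.ip_address(name)
    except ValueError:
        bare = None
    if bare is not None:
        # A bare IP is not a domain name; our own address is a common forgery.
        return ("reject", "helo-claims-to-be-us" if bare in MY_IPS else "helo-bare-ip")
    labels = name.split(".")
    if len(name) > 253 or not all(LABEL.match(label) for label in labels):
        return ("reject", "helo-invalid")
    if len(labels) < 2:
        return ("reject", "helo-not-fqdn")
    if name in MY_NAMES:
        return ("reject", "helo-claims-to-be-us")
    try:
        addresses = resolve(name)
    except LookupError:
        return ("defer", "dns-tempfail")
    if not addresses:
        # DNS-based test: soft rejection, as the checklist advises.
        return ("defer", "helo-unresolvable")
    return ("accept", "ok")


# (client IP, HELO argument); the first three HELO strings are quoted in the checklist.
SAMPLES = [
    ("203.0.113.7", "-1210690416"),
    ("203.0.113.7", "friend"),
    ("203.0.113.7", "smtp.uswest-qwest.com"),
    ("203.0.113.7", "mx.example.net"),
    ("203.0.113.7", "[203.0.113.7]"),
    ("192.0.2.10", "mail.example.org"),
]


def classify_samples():
    """Run every constructed sample through check_helo."""
    return [(helo,) + check_helo(helo, ip) for ip, helo in SAMPLES]


if __name__ == "__main__":
    for helo, action, reason in classify_samples():
        print(f"{helo:24} {action:7} {reason}")
```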
It seems to me that it would be pretty easy for a spammer to make his spam-bots get around greylisting by keeping track of the email addresses that got a temporary-reject reply, and resending to them later.
You are getting ripped off.
Try this combination:
1) FreeBSD (Or Linux if you prefer. I can do both.)
2) amavisd
3) ClamAV
4) SpamAssassin
5) Postfix
6) Greylisting
7) Ask for a raise for saving your company $14k/year
8) Profit!
That is all free software and all easily installed via FreeBSD ports.
A company of 700 employees really should have SOMEONE capable of installing this configuration.
Or:
Pay me for 8 to 16 hours of work (significantly less than $14k), supply me with a couple good PC servers (may only need one) and I'll have your spam problem solved. Seriously. It is not that difficult.
I'm serious. Send me an email at yarnosh@gmail.com if you are interested.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
So there are two obvious questions - why is that scam suddenly more popular, as opposed to Nigerian Herbal Viagra or whatever, and why is more of it getting through spam filters?
Part of the reason probably has to do with which Mafias or rednecks or zombie herders or other miscreants are trying to make money these days, but a big technical issue is that Pump&Dump Stock Scams don't require the sucker to contact the spammer - they buy the stock through Schwab/ETrade/etc. So the spammer doesn't need to send the message from a working reply-capable email address, and doesn't have to provide a clickable URL or human-typable URL, because all the sucker needs to know is the stock symbol WXYZ and what exchange it's on. This means that the spammer can send things like an image with minimal text for the spam filters to filter on, and can send them from random zombies or email servers, and if they use inline images, they can avoid using a URL that's blacklistable (or alternatively, host the image on a random zombie.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
My own statistical filter still works and I think a personal filter will still be
tuned fine enough to get rid of the spam. I just do not see the spam problem.
For traditional spam, if a US-based spammer is selling Nigerian Herbal Viagra out of his double-wide and mailing it to the suckers directly, you can trace that kind of stuff directly and maybe stomp on them, and maybe you can get past the retail spammer to get to their wholesalers, if they haven't found some obvious cut-out to protect themselves. (And with Nigerian 419 scams, the scammer does have a bank account with $29 million, but alas, it's in some country where the US doesn't have jurisdiction
But pump&dump stock scams are different. The sucker isn't buying the stock from the person who sent the email - they're buying a publicly traded stock on the open market (yeah, right...) The people selling the stock aren't spammers - they're "innocent" investors who thought the stock looked like it had real potential, or maybe they even got a hot stock tip on the net and decided to buy it, just like the other suckers are. It might sometimes be possible to prove they were involved, but it's unlikely and difficult, though there's enough regulation in the stock market that sometimes you can bust them for stock fraud as opposed to for spamming.
Bill Stewart
Unfortunately, there's another sucker born every minute, and two to take him.
Bill Stewart
Send this email to all your friends, and register at http://stopspammers.microsoft.com/$200.html to get your $200 today!!
Bill Stewart
However, the fact that the domain isn't using SPF or DomainKeys shouldn't be used in any decision about whether email from there is spam. Those tools are used to detect forgeries, and forgeries are often spam or worse, but there's no reason to expect that a site not using SPF is a spammer, or that a site using SPF is not a spammer, and in fact many spammers go out of their way to set their domains up for SPF to trick people who think otherwise.
Of course, if the problem is that your Bayesian filter thinks that your MP's speeches about how he's going to provide lots of government jobs for his district and scholarships to help YOU get a university degree and that the lottery is providing lots of jobs for Nigerian immigrants and such is all bogus, well, you'll either have to upgrade your filters or your MP...
Bill Stewart
AFAICT, a lot of that spam has images in it, which display the actual pump&dump stock scam or 1-800-NIGERIAN-LOTTERY phone number or whatever, and your ISP or email client is discarding that part. Some of it's also viruses, but the image spam is the new popular technique for stock spam, and the random text is there to tell Bayesian filters that it passes the Turing test.
Bill Stewart
I have a filter that puts all email with images in it directly into my junk folder unless the from address matches my whitelist. If you ban images then the spam will go back to text. It's a lot harder to figure out what text is spam and what is not.
I did this once my spam level reached irritating levels. Now it's back to being a trickle.
Cow Cube
1. Better validation to verify that yes, 123.123.123.123 aka mail.example.com IS allowed to send mail for bob@example.com (this means using things like SPF and with HARD fail specified in the SPF record, not Softfail which too many SPF agents simply ignore and let the mail through anyway)
2. Greater use of encryption and digital signatures to verify that people are who they say they are
3. Greater action by ISPs and others to stop machines that are infected by spambots (greater user education on the part of ISPs, more blocking of ports by default to prevent spambots etc). It's in the ISP's best interests (or so I would have thought) to stop spambots on their network (unlike real spammers who might pay extra for the privilege of being left alone, spambots do nothing except use more of the ISP's bandwidth)
Say someone buys a crapload of penny stocks, and the price zooms even though there's been no public announcement from the company (or a merger or something). That should stick out like a sore thumb. If a day or so later the same guy sells a huge number of shares and the price plummets, that should stick out like a sore thumb. Then investigate him, and look for evidence of spam. If you find it, then throw the book at him.
Actually the problem with botnet spam is quite easy to resolve: on some MTAs (like qmail) there is possibility of setting default SPF in case when a domain has that filter undefined. Just set it to "a/24 mx/24" and 99% of spam will be dropped (you can also add ptr:yahoo.com if you don't use DomainKeys and raise dropping level to neutral)
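Hard fail versus soft fail, and a fallback record such as the "a/24 mx/24" suggested above for domains that publish no SPF, as a receiver would evaluate them. This is an added example covering only the a, mx, ip4 and all mechanisms; it is not qmail's or libspf2's code, and the domains, addresses and DNS tables are constructed.

```python
import ipaddress

# Constructed DNS data standing in for real TXT, MX and A lookups.
TXT = {
    "strict.example": "v=spf1 mx -all",   # hard fail for everything else
    "lenient.example": "v=spf1 mx ~all",  # soft fail for everything else
    # nospf.example publishes no SPF record
}
MX = {
    "strict.example": ["mx.strict.example"],
    "lenient.example": ["mx.lenient.example"],
    "nospf.example": ["mail.nospf.example"],
}
A = {
    "mx.strict.example": ["192.0.2.10"],
    "mx.lenient.example": ["192.0.2.20"],
    "nospf.example": ["198.51.100.5"],
    "mail.nospf.example": ["198.51.100.20"],
}

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SEVERITY = ["fail", "softfail", "neutral"]  # most to least severe


def hosts(mechanism, domain):
    """Addresses behind the 'a' or 'mx' mechanism for a domain."""
    if mechanism == "a":
        return A.get(domain, [])
    return [ip for mx in MX.get(domain, []) for ip in A.get(mx, [])]


def evaluate(record, domain, client_ip):
    """Evaluate a record left to right; the first matching mechanism decides."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split():
        if term == "v=spf1":
            continue
        qualifier = "+"
        if term[0] in RESULT:
            qualifier, term = term[0], term[1:]
        name, _, cidr = term.partition("/")
        if name == "all":
            return RESULT[qualifier]
        if name.startswith("ip4:"):
            nets = [ipaddress.ip_network(term[4:], strict=False)]
        elif name in ("a", "mx"):
            prefix = cidr or "32"
            nets = [ipaddress.ip_network(f"{h}/{prefix}", strict=False)
                    for h in hosts(name, domain)]
        else:
            return "permerror"  # mechanism outside this sketch
        if any(ip in net for net in nets):
            return RESULT[qualifier]
    return "neutral"  # nothing matched and no 'all' term


def check(domain, client_ip, fallback=None):
    """SPF result for a connection; fallback is used only when no record exists."""
    record = TXT.get(domain)
    if record is None:
        if fallback is None:
            return "none"
        record = fallback
    return evaluate(record, domain, client_ip)


def rejects(result, drop_at="fail"):
    """Receiver policy: drop_at names the mildest result that is still rejected."""
    return result in SEVERITY[: SEVERITY.index(drop_at) + 1]


if __name__ == "__main__":
    bot = "203.0.113.77"  # constructed address of a sender outside every domain
    for domain in ("strict.example", "lenient.example", "nospf.example"):
        plain = check(domain, bot)
        guessed = check(domain, bot, fallback="a/24 mx/24")
        print(domain, plain, rejects(plain), guessed, rejects(guessed, "neutral"))
```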
I run the network for a small company, and there's only a couple ISPs in town. We use the local hometown media company, a phone/tv/internet provider. Recently, some of my emails have been getting bounced back to me from SBC and Deutsche Telekom. Deutsche Telekom has blacklisted our entire IP range, separate from any blacklists I know of. Since the local company has their static address range right in the middle of their dynamic address range, I can't get emails to t-online.de addresses. I haven't talked to SBC yet, but I think I'm going to get a similar response. Email to sbcglobal.net or prodigy.net addresses is sporadically bounced back with a message telling me to email SBC at an address that (ironically) has a full inbox and isn't accepting mail. I know that ISPs block certain known spam offenders, but this is gratuitous. I wonder if large ISPs are going to be doing massive vigilante IP blacklisting to combat spam. If so, the future should prove interesting.
For our clients we use ASSP http://assp.sourceforge.net/ plus mailshell exchange plugin http://www.mailshell.com/mail/client/oem2.html/step/exchangeplugin. They are both free programs and have eliminated our spam problems including image spam. We use the RBL, LDAP lookup and other features of ASSP to reduce the amount of email coming in, then use the spam filtering in ASSP to mark spam as such and then use mailshell to redirect the spam into a "junk-email" folder in each user's inbox. The users can then check once in a while to see if there are any false positives. ASSP is updated regularly and "learns" as it goes. Works great for networks with up to a couple hundred users (haven't tried it on anything bigger yet).
And what other people are saying is that it's not in their business model to buy giant servers and bandwidth, or rent such, just for spam. Basically, the initial gains in productivity from switching to email are being canceled by the increasing costs of handling spam.
The ultimate penny and pound wisdom, in my opinion, would be not to bother running mail systems anymore. Not everybody needs heaters and air conditioning. If your business model can't support the giant servers and bandwidth, then outsource your email. With a small enough business, you could even get away with the free email services, and let Hotmail, Yahoo, and Google deal with the spam.
Just to give you an idea, I am one of the admins for a small ISP near Washington DC. We get over 20 million emails a month, and only 1-3% of that is legit mail. We have six, SIX Dual XEON 3.0 ghz servers that do nothing but tag spam. They run at very high loads with Exim, SpamAssassin, and ClamAV, processing up to several dozen e-mails a second at their peak. We use voting, whitelisting, blacklisting, RBLs, and some other stuff we keep secret. Once the mail has been "scrubbed," it gets passed on to the real mail server, a measly 2.2ghz box that handles everything. A little spam still gets through, but part of that is we have rules in SA that favor the user's choice (which helps a lot against false positives). Some complain, but the mail's been tagged, and we have instruction on how to fine tune it at their end based on what we tag.
But do you know how much that costs us in hardware, power, and infrastructure? And right now, we realize this won't be enough by the end of 2008. We only had three tagging systems in 2004.
Now let's talk about the other end: letting spammers out. We don't condone spamming at all, but we do have customers that get hacked. Notably a large school of, let's say "religious persuasion." Their IT staff, which consists mostly of student and adult volunteers in a school that does not have any sort of computer educational tract, gets hacked a lot. It's a stray laptop, or someone downloads a file onto a Windows box that will give them a Holy Screen Saver of Antioch or whatever. And this is one of BILLIONS of situations like this, whether it be an office, a school, or an IP pool of a European DSL company. Companies with great admins are a small, small minority of what can be hacked out there.
I have seen machines of seemingly weak hardware send out thousands of e-mails a second. It's mind boggling. And it will clog and kill our outgoing mail. Rate limiting? It auto-adapts to fill the network pipe. It spreads, it breeds, it attacks anything it thinks will break it. DNS is the first to go. It probes and pokes every IP in the subnet to see if there's an internal relay, or another machine it can infect. Within seconds, everyone's affected in some way; usually by network slowness. Many of these multi-task. They sent the virus or Trojan to everyone on their address book. They search for AIM or MSN. They look for e-mails in the web cache. These are basic logic "if then" tests the software can make. A second-year programmer at college could design this kind of program easily.
The only option is to block their IP.
Admins get paged, because the attacks usually happen during off business hours because, well, they know staff will be lower and slower to respond. People's weekends are ruined, children's birthday parties have to go without a parent for a while because some asshat in The Pluperfect of Godfuckistan wants to sell 40 bajillion people Vy-ag-rah or penny stocks or whatever. He may get a handful of buyers, but what does he care? He didn't really pay anything. In many cases, they get nothing, but such is the world of crime. A greedy sucker born every minute. Besides, the world owes him, right?
I used to work for AOL. In 2001, I watched the guy in charge of our e-mail go rabid and foam at the mouth at the volume of spam AOL had to filter. He slammed his fists on the lectern and all but declared war on them. We had graphs near our NOC that showed e-mail volume in the millions per day. Every few weeks, there'd be a 40-60% drop in the graph, and a circle that showed where a new filter was put into place. And the chart would still climb and recover. The spammers got faster and faster. They got better and more adaptive. What used to take them months to get around now took weeks. Then days. Then hours.
I see so many ideas come out that seem revolutionary. First it was whitelists and blacklists. Then IP spoofing got around that. Then it was Bayesian. Then spammers filled their e-mails with nonsense. Then it was SpamAssass
Recall Kevin Mitnick did serious jail time for supposedly hacking into a few computer systems.
Then there was the Mafia Boy from Canada who got the book seriously thrown at him for his wee bit of computer invasion.
Now consider a spammer that breaks into thousands of systems (botnets, spyware, etc), doing vastly worse damage to the Interverse each day than anything Mitnick and Mafia Boy together could possibly dream of in a lifetime. Arrests of spammers - let alone jail time - is zilch.
Perhaps it's time to reprogram the world's justice systems to go ape-crappers over the real cyber-vandals.
I guess you could take an unethical countermeasure to "fix" this problem... just record whatever machines they are already using in their bot nets, and install your own software there to do the distributed filtering work. You could even have standardized software that cooperates, so that any known bad host (that is, one that has actually spammed, not one that is simply compromised, although it would be hard to verify this, which accounts for about 50% of the unethical argument) will be promptly assimilated into a global countermeasures network that not only stops the spam at the source, but also uses the resources originally used by the spammers to give additional filtering.
Of course, this would in no way be legal in many jurisdictions, and the ethics are beyond questionable. I'm not sure it's a bad idea, though.
The way to do it, if you were to do so, is IMHO:
* Bootstrap the infection from somewhere that lacks appropriate legislation.
* Have it monitor some anonymous channel or otherwise get input in an untraceable and unprovable manner.
* Discreetly distribute the command signing keys to "trusted" operators.
* Make sure there are several keys and each operator has only one (N-way distribution).
* Implement a voting system based on these keys.
* A majority vote can invalidate a compromised key, making it useless.
* A majority vote can create a new key when there are too many operators per key.
* Deactivate the spammers' bot or at least block its transmissions by checking if the user is the one actually originating an outgoing mail, or perhaps building up a profile to check what mail servers they are supposed to be using.
* If possible, remove the spambot and/or plug the hole; distribute updates for this.
* Remove yourself if infecting the system of a clued user, a bridging computer, a medical computer or anything else that seems more unethical to compromise than John Doe's pr0nbox.
* Offer CPU power for filtering e-mail, via a legitimate protocol.
The last point bears further explanation, in that you'd want something like a SpamFilter@Home project, basically lots of computers offering their idle cycles to filter spam. It'd be potentially unethical to disclose the mail in this way, for which there are workarounds, but it's opt-in, and its main point is to provide a legitimate cover for the botnet.
Of course, this idea sucks, but so does the status quo. You could kill it once spam ceases to be a problem due to spammers losing the arms race. Their only advantage at the moment, is less moral issues. Although, personally, I think the antispam-crowd has abandoned the moral high ground ages ago; both parties decrease the usefulness and viability of e-mail. If you're gonna go that way, might as well go all the way, and do some good. Better than a global whitelist.
Your form is missing an answer to the one I came up
with a while back. It's a hybrid legislation and
vigilante approach in which the law legalises one
very specific form of vigilantism:
Here is my law:
Make it not illegal to send hot cheques or
bogus credit card numbers to spammers.
This permits a kind of reverse spam. We know that when
some item is offered for sale via spam, only a very tiny
percentage of people respond to buy the stuff. If outraged
recipients were allowed to send bad cheques and incorrect
credit card numbers to these bozos, they would fall victim
to the exact same set of problems that we suffer...that
of separating good money from reverse-spam that we would send
to them.
Just as it doesn't take many respondents out of the millions
they spam to make a profit, it doesn't take many of the
millions of victims to send a bad cheque or a bogus credit
card number back to the spammer to mean that they have to
chase down hundreds of bogus payments just in order to collect
a handful of actual payments.
They could try increasingly sophisticated ways to 'filter'
our reverse spam - but we'd find ever cleverer ways around
that.
Well - it probably wouldn't work - there is bound to be a
flaw - but it brings a smile to my face to imagine the
spammer sitting with a million dollars worth of orders
made up of 20,000 cheques for $50 each - knowing full well
that only five of them are real and that the only way to
tell the difference is to attempt to cash each one of them.
He's made several hundred bucks from the idiot buyers - but
in order to cash their cheques he's got to pay in 19,995 bad
cheques - and because of my law, he's got no legal recourse.
If he fails to cash the handful of legitimate cheques, he
upsets his 'real' customers who bought something that didn't
ever arrive...yeah, their cheques didn't get cashed - but
they'll probably think twice about ordering stuff that was
promoted via Spam the next time.
Banks and credit card companies seeing the cost of
bouncing very large numbers of cheques and credit card
numbers would pretty soon impose a hefty surcharge onto
their banking fees for doing this - and voila! No more
direct sales spam!
Actually, I wonder whether it's even necessary to have
the law. Merely having a few tens of thousands of people
ask questions about the product - sending empty envelopes
that need to be opened, slashdotting their web servers, etc.
Anyway - feel free to shoot this idea down in flames too.
www.sjbaker.org
I am sorry, it is not the users' fault at all that the product they bought is faulty. It is very arrogant for you to say that. When I buy a car, I don't need to know how it works. I just need to operate it. If it is polluting, how would I know? Well, that is mandated by the govt for a smoke test. And don't talk about education; computers are VERY complex, and VERY complicated to operate and understand. I don't ask you to know much about dentistry, flying a plane, or wiring your house. Why all of a sudden computers should be any different?
Sorry, but it is not consumers' fault that the product is faulty, because when they buy it, it assures them otherwise.
If anything, I blame the people who made those programs in the first place for not making them correctly, and then selling them as if it was a complete product.
Cheers
The good news is I've set up the greylist script to continue rejecting email for 60 minutes (and I'm considering 90) if the sender's IP won't resolve or if the sender's IP is listed by one of the major RBLs. Usually, after the 60 minute delay, that particular spam and spammer are listed in enough RBLs, databases, etc. that spamassassin will catch those spams.
Anecdotally, I've seen the following results:
- Spams blocked per day by greylisting: 1000 or so
- Spams blocked per day by spamassassin: 75 or so
- Spams per day delivered to my inbox: 5 or less
The upshot is that those 1000 getting rejected by the greylister are only using the resources of 2 or fewer efficient SQL queries to generate an SMTP session reject (not a bounce). Spamassassin takes about 5-7 wallclock seconds per email processed. Ouch. But, yeah, some spammers are retrying.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
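The greylisting policy described in the post above, as an added example that is not the poster's script: senders with no reverse DNS or an RBL listing are held for 60 minutes, everyone else for a shorter delay. The 5-minute default delay, the (IP, sender, recipient) triplet key, the in-memory dict standing in for the SQL table, and the rDNS/RBL results being passed in as booleans are all assumptions.

```python
from dataclasses import dataclass, field

DEFAULT_DELAY = 5 * 60    # assumption: ordinary greylist delay (the post gives no figure)
SUSPECT_DELAY = 60 * 60   # from the post: 60 minutes for no-rDNS or RBL-listed senders


@dataclass
class Greylist:
    # (ip, sender, recipient) -> time of first attempt; stands in for the SQL table
    first_seen: dict = field(default_factory=dict)

    def check(self, now, ip, sender, rcpt, has_rdns, rbl_listed):
        """Return (smtp_code, text) for one delivery attempt at time `now` (seconds)."""
        triplet = (ip, sender.lower(), rcpt.lower())
        # Suspicion is re-evaluated on every attempt, so a sender that gets
        # listed while it is waiting is held for the longer delay.
        delay = SUSPECT_DELAY if (rbl_listed or not has_rdns) else DEFAULT_DELAY
        waited = now - self.first_seen.setdefault(triplet, now)
        if waited >= delay:
            return 250, "accepted after %d s" % waited
        # 451 is a temporary reject inside the SMTP session: no bounce is generated
        return 451, "greylisted, retry in %d s" % (delay - waited)


# Constructed attempts: (time, ip, sender, recipient, has_rdns, rbl_listed)
SAMPLE = [
    (0,    "192.0.2.10",   "news@example.org",  "bob@example.com", True,  False),
    (0,    "198.51.100.7", "stock@example.net", "bob@example.com", False, False),
    (5,    "203.0.113.99", "pills@example.net", "bob@example.com", True,  True),
    (600,  "192.0.2.10",   "news@example.org",  "bob@example.com", True,  False),
    (900,  "198.51.100.7", "stock@example.net", "bob@example.com", False, False),
    (3700, "198.51.100.7", "stock@example.net", "bob@example.com", False, True),
]


def replay(attempts):
    """Feed attempts through a fresh greylist and return the SMTP codes in order."""
    gl = Greylist()
    return [gl.check(*a)[0] for a in attempts]


if __name__ == "__main__":
    for attempt, code in zip(SAMPLE, replay(SAMPLE)):
        print(attempt[0], attempt[1], code)
```

The sender at 203.0.113.99 never retries, so it costs one dictionary lookup and nothing else; the sender that does retry after an hour is the one a content filter still has to score.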
Now maybe you have experience setting up antispam solutions that can handle 1,000,000 spams per day, and your setup really can scan email at the rate of 12 spams per second. From reading your post, I get the feeling that you have not ever set up such a system and that you are underestimating the volume. Personally, I have set up a mailserver that serves my family and a few friends. It handles about 1500 emails per day, over 99% of which is spam. Obviously it has no trouble with the load, but I really doubt it could process any more than 100,000 emails per day (over 1 per second). The configuration is Linux/qmail/greylisting/clamav/spamassassin. Its false negative rate is 0.006% and false positive rate is 0 (as in, I have never had a report of a false positive). Very effective. Not very resource-efficient.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
I tried Thunderbird, but I didn't like the look and feel of it. Every time you open an email it "feels" like you are launching a separate program as it took a comparatively long time to open the window to read the email.
Steve
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
>Just set up authentication on your server and smart host out through your ISP.
>On the road you connect and authenticate to your mail server, it takes the message
>and relays out through your ISP's SMTP server.
I don't have any control over the email server - either my web host email server or my ISP email server, so I don't know how to set up authentication on them.
What does it mean to "smart host out through your ISP"?
The problem I have on the road is that many networks block port 25 so I can't hit my web host or ISP email server.
Are you talking about setting up my own email server at home? I've never done that before.
Steve
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.