Slashdot Mirror
Giving Your Greytrapping a Helping Hand
Peter N. M. Hansteen writes "Some spam houses have invested in real mail servers now, meaning that they are able to get past greylisting and even content filtering. Recently Peter Hansteen found himself resorting to active greytrapping to put some spammers in their place. The article also contains a list of spam houses' snail mail addresses in case you want to tour their sites."
Um, how much spam does the average /.er even get per day? I have gotten exactly one spam message that has made it past Gmail's spam filtering this year (2009) and it was quick and easy to delete. I don't give my e-mail address out to everyone, but I do sign up to many things with it yet still it is very rare for spam to make it to even my spam filter. So is spam really that large of problem in 2009?
Taxation is legalized theft, no more, no less.
I seem to remember reading about a convicted spammer who created Dynamic Dolphin in Broomfield, Colorado. Does anyone else remember who this asshole was? I would not be surprised if he started the whole thing.
- Zav - Imagine a Beowulf cluster of insensitive clods...
The problem is what happens when some reputable sender get's on the list.
I mentioned this to Mr. Hansteen a while back on usenet, warning him about putting his greytraps (and spamtraps) in public view on his webpages. All it takes for a legitimate sender to be listed with him, is one single newsletter signup with one of his traps.
Even though the trap will never respond, the sender will nevertheless have to send a message to the trap to attempt to verify the signup. Apparently, his list protects quite a lot of accounts, and he cannot whitelist everything ...
I never got a decent reply. I'm not sure what Mr. Hansteen's goal is, other than researching for its own sake and performing some good old sub-optimization of questionable value in the process.
Unlike the guy in TFA (who blocks the sender for 24 hours), I only assign some points in SpamAssassin.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
I was using something similar. The trick is to identify the ISP mail servers. Usually by some naming convention of the ISP ... but in some cases you have to just wait for a complaint to come when they get blacklisted. I solved part of that by sending the rejection list to the recipients at times so they could check it.
Meanwhile, greylisting is completely different.
Greylisting means that any new "triplet" (recipient name + sender's name + sending IP address) is TEMPORARILY rejected for X minutes. This is because many spammers were using zombie machines that would not try to resend the message OR would keep trying with different sender's names. Legitimate senders and email servers would (MOST OF THE TIME) be able to handle the delay and the message would get through. All future messages with that "triplet" would be received without delay.
How does "investing in real servers" let the mail through content filtering? Last time I checked, a content filter reads the *contents* of the mail (ie not the envelope or the header, hence the name). The spammers can buy servers until they're blue in the face, that won't make a blind bit of difference to the outcome in that case.
I did my best to resist the impulse to stop browsing these comments at -1 because I had too often found interesting comments that had been modded down for the wrong reasons.
I guess I won't be able to do that any more, because I get too sad when I see how much energy some people expend in hatred of gays and blacks. Say, maybe we could filter comments by more than just the number? I wouldn't mind being able to see "-1 Flamebait" because often you find insightful comments that have been modded down by committed astroturfers, but "-1 Offtopic" (which my own comment here is, by the way) could get filtered out. Or how about a "-1 Racist/Sexist Asshole" moderation choice?
Where's the suggestion box here at Slashdot, anyway?
You are welcome on my lawn.
Can we "tour" those sites with molotov cocktails and pipe bombs?
You are welcome on my lawn.
IMAP is flaky and slow. It is a hack to map googles lack of folders onto IMAP's idea of folders.
It is a bitch for an administrator. There is no good way for an admin to setup email forwarding accounts--yeah, the user can do it, but you have to create an account for them and they have to do it, you cannot!. Their concept of distribution lists suck. You cannot change somebodies email address without creating a new account. I could go on but I wont.
Basically, for a business, using Google apps sucks. The only thing it has for it is the webmail interface. But integrating "real" mail programs with it sucks.
Bottom line is Google apps is 100% lock-in. It does thing in its own unique way and does not integrate with anything else worth a damn.
Just switched a client to google mail for business (really, what is it called? Google Apps? Google Mail? huh) and have heard nothing but complaints. The "gmail" thing gets email that never shows up in their imap folder, their imap folder gets stuff that disappears from their gmail thing.
Attachments work funny.
If you delete message from a "thread" in gmail, it will delete every "send" and "reply" message in the whole damn thread and thus nukes all of it in Outlook. If you nuke a single message in IMAP, it fucks up how gmail handles the thread.
All kinds of things. Their thole thing is great, but the minute you want to use a "real" mail program on top of it (like most businesses I know), trouble brews and shit just doesn't work the way you'd expect. There was a reason Google took so long to add IMAP support--their whole damn system works like no other email program. I bet they had to basically hack the whole damn thing to work like a "real" mail system IMAP was designed for. Basically, using them is a horrible form of lock-in.
Now I have to move them back to a "real" mail system this coming week so their life can work as it always did.
and unsustainable practice. just because jacksauce saw some AOL ips spam him with subscription notices doesnt mean the return addresses actually map to real people, or the intended effort was prankish in nature. it could simply have been designed to manually harvest emails, all part of a botnetted script.
this guys out of touch. real people, the ones you hope for revenge, dont exist anymore in the spam world. if the problem becomes pronounced enough your spam filters should be able to generate a report of the offending subnets and allow you to blacklist them. problem solved.
Good people go to bed earlier.
I've actually proposed something very similar to this before, called a Solicited Bulk Realtime List, which would be an elaborate DNSBL-style spamtrap whose purpose is determining which lists play fair (no-unsubscribe vs opt-out vs opt-in vs confirmed-opt-in) regardless of solicitations. Such an index would enable users to safely unsubscribe, and perhaps more importantly, its widespread adoption would force all "list" emailers, be they spammers or not, to better implement subscription management.
SBRL would also enable the ability for a filter to set a threshold for new list mail. Let's say I completely block any "list" mail that the SBRL can't confirm unsusbscribe works, and then I count a day's incoming confirmed-opt-in emails plus twice the number of the remaining emails (opt-in/opt-out). Anything over my threshold gets digested just like a mailman list with the digest feature (a collection of all of them that came in over the day) rather than direct delivery.
An IT-grade implementation could have new addresses start at a high threshold (e.g. 10) and then lessen by one per business day until it hits the default threshold, e.g. 3.
Use my userscript to add story images to Slashdot. There's no going back.