Giving Your Greytrapping a Helping Hand
Peter N. M. Hansteen writes "Some spam houses have invested in real mail servers now, meaning that they are able to get past greylisting and even content filtering. Recently Peter Hansteen found himself resorting to active greytrapping to put some spammers in their place. The article also contains a list of spam houses' snail mail addresses in case you want to tour their sites."
It just seems like it'd be easier now to find out the spam mail servers and block everything that comes from them.
The Internet is generally stupid
So is spam really that large of problem in 2009?
It's Gmail's problem. The cost of filtering spam means Google has to put more ads on your messages and, if Gmail becomes unprofitable, possibly even terminate free Gmail.
Wow. I remember when the average /.er was running their own mail server. Let me tell you kids, those were the days! The world economy was strong, and I didn't have to have cat food for dinner.
I've seen an increase in spam that has made it past my gmail spambox in the last week, but I get several thousand spams a day so it's not a big deal.
I used to allow any email that shows up to the domains that I have, and I'd get way more spam. It's weird that 3,000 spams a day is slow since it's not like I go out signing up for stuff but I also don't hide my email.
I still get actual email that gets filtered as spam which sucks, but I put up with it since gmail works about 99.5% of the time. I wonder how many legit emails I've had that people think I ignored since I didn't respond.
riding round the world on an old motorcycle
His name is Scott Richter.
"Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
I have seen exactly one malware on my machine that my virus scanner picked up and it was quick and easy to delete. I don't leave all my machine's ports open, but I do leave several vulnerable ones open yet it is still very rare for any of the malware's operation to be noticeable to me. So is malware really that large of a problem in 2009?
I was not clear on the definition of grey-trapping. It is the process of providing decoy e-mail addresses that are discoverable by harvesters but not by ordinary humans. When mail arrives at the destination of a decoy, the sender IP address is then added to the spam filter of the receiver.
Basically sort of a honey pot approach.
So you might ask why can't ISPs do this at the ISP level rather than the user level? Make it opt-in, white-listable, etc.
The problem is what happens when some reputable sender gets on the list.
For example, Joe Spammer takes his address list and does a sign-up operation to Yahoo for all the addresses. Now the Yahoo registration server then does not automatically enroll them, but still it sends an e-mail to every one of the e-mail addresses, some of which are the decoys.
So Yahoo gets grey-listed by the ISP.
I would think this attack would also foul up every grey-list in existence as well. So I don't actually understand how grey-listing works.
Some drink at the fountain of knowledge. Others just gargle.
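The mechanism described in the post above (decoy addresses, sender IP held once it delivers to one) and the Yahoo sign-up worry, modelled as a small Python program. This is an added example, not code from the article, from spamd, or from the commenter; the decoy addresses, the whitelist, the one-day hold and the "tarpit" verdict are all assumptions chosen for illustration.

```python
"""Greytrapping, modelled in a few lines.

Added example, not code from the article or from any spamd implementation.
The decoy addresses, the whitelist, the 24-hour hold and the tarpit verdict
are all assumptions chosen for illustration.
"""
import time

# Decoys planted where harvesters find them but no human ever uses them (constructed).
TRAP_ADDRESSES = {"harvest-me@example.org", "webmaster-1999@example.org"}

# Sources that must never be trapped, e.g. a provider whose sign-up
# confirmations a spammer can aim at the decoys (the Yahoo case in the thread).
WHITELIST = {"203.0.113.10"}  # constructed, documentation range

TRAP_TTL = 24 * 3600  # assumed: a trapped source is held for one day, then forgotten


class Greytrap:
    """Tracks sources that have delivered to a decoy address."""

    def __init__(self, now=time.time):
        self.now = now            # injectable clock so the example is testable
        self.trapped = {}         # source IP -> expiry timestamp

    def is_trapped(self, ip):
        expiry = self.trapped.get(ip)
        if expiry is None:
            return False
        if expiry <= self.now():
            del self.trapped[ip]  # hold expired: the host gets another chance
            return False
        return True

    def rcpt_to(self, ip, rcpt):
        """Verdict for one RCPT TO from one source: 'accept' or 'tarpit'."""
        if ip in WHITELIST:
            return "accept"
        if self.is_trapped(ip):
            return "tarpit"       # answer slowly and deliver nothing
        if rcpt.lower() in TRAP_ADDRESSES:
            # Nobody legitimate writes to a decoy, so this source is working
            # from a harvested list; hold it and tarpit this delivery too.
            self.trapped[ip] = self.now() + TRAP_TTL
            return "tarpit"
        return "accept"


# Constructed sequence of (seconds since previous event, source IP, recipient).
SAMPLE_EVENTS = [
    (0, "198.51.100.7", "alice@example.org"),         # unknown host, real user
    (1, "198.51.100.7", "harvest-me@example.org"),    # hits a decoy: trapped
    (1, "198.51.100.7", "alice@example.org"),         # same host, still held
    (TRAP_TTL, "198.51.100.7", "alice@example.org"),  # hold has expired
    (0, "203.0.113.10", "harvest-me@example.org"),    # whitelisted provider, never trapped
]


def run_session(events, start=1_000_000.0):
    """Replay events against a fresh Greytrap with a fake clock; return verdicts."""
    clock = [start]
    trap = Greytrap(now=lambda: clock[0])
    verdicts = []
    for delta, ip, rcpt in events:
        clock[0] += delta
        verdicts.append(trap.rcpt_to(ip, rcpt))
    return verdicts


if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_EVENTS, run_session(SAMPLE_EVENTS)):
        print(f"{event[1]:>15} -> {event[2]:<28} {verdict}")
```

The whitelist check runs before the trap check on purpose: that is the only thing standing between a provider's sign-up confirmations and a day in the tarpit, which is exactly the failure the post worries about. The expiry is what keeps a single stray delivery from becoming a permanent block.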
"The world economy was strong, and I didn't have to have cat food for dinner."
I miss mom's cooking too.
At one time I invested a few weeks time into building a heuristic antispam filter. One of the principles I used was very similar to this (there were many others).
I came to the conclusion pretty quickly that in the game of anti-spam, the larger the email pool you have, the more efficient your heuristic tools can be. Once I proved that to myself, I went looking for who was doing the best job using the techniques I decided worked best, and routed my mail through them.
It's cheap, effective, and gets the spam off my network bandwidth. Even if you do a perfect job yourself, you're still paying for the traffic. That's a waste by itself.
If you're so worried about privacy, get yourself an appliance that uses the same principles as the services (like postini, etc.). Either way, antispam is no longer a business for the individual.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
I'd rather pay for my own VPS than pay Google for a freaking email account and/or their App Engine.
Except google apps "Standard edition" is free. And it's pretty much all you'd need unless you're a largish business. Pretty much the only difference is you get a mere 5GB (of which I'm using something like 200MB) instead of 25GB per mailbox, a limit of something like 50 users, and you don't get their mobile access and migration tools. You get SMTP/IMAP/POP and the best webmail interface there is :)
It's not exactly rocket surgery.
How does "investing in real servers" let the mail through content filtering? Last time I checked, a content filter reads the *contents* of the mail (i.e. not the envelope or the header, hence the name). The spammers can buy servers until they're blue in the face; that won't make a blind bit of difference to the outcome in that case.
Seconded. My email addresses tend to be old, public, and static. This means they get a ton of spam. It's not worth the time and effort of handling anti-spam in-house when Postini can do an equivalent or better job at a reasonable price.
Switching to Postini also freed up a ton of RAM and CPU on our hosted servers.
I did my best to resist the impulse to stop browsing these comments at -1 because I had too often found interesting comments that had been modded down for the wrong reasons.
I guess I won't be able to do that any more, because I get too sad when I see how much energy some people expend in hatred of gays and blacks. Say, maybe we could filter comments by more than just the number? I wouldn't mind being able to see "-1 Flamebait" because often you find insightful comments that have been modded down by committed astroturfers, but "-1 Offtopic" (which my own comment here is, by the way) could get filtered out. Or how about a "-1 Racist/Sexist Asshole" moderation choice?
Where's the suggestion box here at Slashdot, anyway?
You are welcome on my lawn.
Can we "tour" those sites with molotov cocktails and pipe bombs?
You are welcome on my lawn.
You are able to do all sorts of wacky things with moderation effects. Just make all moderation other than off-topic have no effect on rating, and browse at 0. Presto chango, "-1, off-topic" goes away and everything else gets to stay.
Try not to take me more seriously than I take myself.
For every single message you are getting, google is probably filtering out at least a hundred.
My own mail servers, tiny in comparison, get about a connection every second. 98% of those connections are rejected out of hand (bad HELO, fucked reverse DNS, residential IP address, bullshit brute-forced email address, etc.) and of that remaining 2%, half is legitimate email. Which means for every hundred connections, one is legitimate. So 1% of all our mail traffic is legitimate. 1%.
In other words, you have no clue at all how fucking bad spam is. It is bad. Really bad.
Just switched a client to google mail for business (really, what is it called? Google Apps? Google Mail? huh) and have heard nothing but complaints. The "gmail" thing gets email that never shows up in their imap folder, their imap folder gets stuff that disappears from their gmail thing.
Attachments work funny.
If you delete message from a "thread" in gmail, it will delete every "send" and "reply" message in the whole damn thread and thus nukes all of it in Outlook. If you nuke a single message in IMAP, it fucks up how gmail handles the thread.
All kinds of things. Their whole thing is great, but the minute you want to use a "real" mail program on top of it (like most businesses I know), trouble brews and shit just doesn't work the way you'd expect. There was a reason Google took so long to add IMAP support--their whole damn system works like no other email program. I bet they had to basically hack the whole damn thing to work like a "real" mail system IMAP was designed for. Basically, using them is a horrible form of lock-in.
Now I have to move them back to a "real" mail system this coming week so their life can work as it always did.
Because it is cheaper in terms of bandwidth and CPU to first reject email based on things other than content. For example, you can quickly weed out about 85% of all spam traffic by just rejecting assholes who use malformed HELOs or don't have proper DNS. Filtering based on simple things like that doesn't eat your CPU and is very effective*. You can also weed out a bunch of trash by simply blocking residential IP addresses using Spamhaus**. Greylisting will nuke about 10% of the rest, leaving you with 5% for content filtering.
If spammers buy "real servers" it means they aren't sending you bullshit headers with funky smelling DNS. It means they will eat into your CPU budget because you now have to fall back on content filtering. You don't want to do content filtering. You want to have spammers strike out because they aren't acting like real mail servers. 85% of spam comes from shit that acts nothing like a legit mail server.
* If your EHLO doesn't match your reverse DNS record, say HELO to a disconnect. If AOL and Yahoo are doing it, I'll do it too. 'Cause if you don't have it configured the way the big boys like it, you have worse problems than me rejecting your email...
** whose list of residential IPs is provided by the carriers themselves, not a bunch of spiteful assholes like SPEWS. And if you insist on running some SMTP server at home, you can de-block yourself automatically by visiting their website. Plus I'm pretty sure the big boys use this list as well, so again, if I block your email, AOL and Yahoo are blocking it too.
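The ordering the two posts above argue for (reject on HELO syntax, reverse DNS and residential ranges at connection time, greylist at RCPT TO, and only read the body for whatever is left), written out as a Python screening function with constructed traffic. This is an added example and not either commenter's code or any real MTA's logic; the PTR table, the CIDR block standing in for a provider-supplied residential-range list, the 25-minute greylist pass time and the one-phrase content test are all assumptions chosen so the example runs offline.

```python
"""Cheap checks first, content last: an SMTP screening order.

Added example with constructed data. The PTR table, the CIDR block standing in
for a PBL-style residential feed, the greylist pass time and the toy content
test are assumptions, not taken from any deployment.
"""
import ipaddress
import re

# Constructed stand-in for reverse DNS lookups (documentation ranges only).
PTR = {
    "192.0.2.25": "mail.example.net",
    "192.0.2.26": "mail.example.net",
    "198.51.100.40": "mx1.example.com",
    "203.0.113.5": "cpe-5.example-isp.net",
}

# Constructed: ranges an access provider has declared dynamic/residential.
RESIDENTIAL = [ipaddress.ip_network("203.0.113.0/24")]

GREY_PASSTIME = 25 * 60  # assumed: seconds a new (ip, from, to) triplet must wait

# HELO/EHLO argument: a dotted hostname or an IPv4 address literal in brackets.
HELO_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9-]+$"  # at least one dot
    r"|^\[(?:\d{1,3}\.){3}\d{1,3}\]$",
    re.IGNORECASE,
)


def helo_is_well_formed(helo):
    return HELO_RE.match(helo) is not None


def helo_matches_ptr(ip, helo):
    return PTR.get(ip, "").lower() == helo.lower()


def is_residential(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RESIDENTIAL)


class Greylist:
    """Remember when each (ip, mail_from, rcpt) triplet was first seen."""

    def __init__(self):
        self.first_seen = {}

    def passes(self, triplet, now):
        first = self.first_seen.setdefault(triplet, now)
        return now - first >= GREY_PASSTIME


def content_looks_like_spam(body):
    # Deliberately crude: the point is that this is the last, most expensive stage.
    return "buy now" in body.lower()


def screen(grey, ip, helo, mail_from, rcpt, body, now):
    """Verdict for one delivery attempt, stopping at the first cheap failure."""
    if not helo_is_well_formed(helo):
        return "reject:helo-syntax"        # decided at HELO, nothing else read
    if not helo_matches_ptr(ip, helo):
        return "reject:helo-ptr-mismatch"  # one PTR lookup
    if is_residential(ip):
        return "reject:residential"        # one list lookup
    if not grey.passes((ip, mail_from, rcpt), now):
        return "tempfail:greylist"         # 4xx at RCPT TO; real MTAs retry
    if content_looks_like_spam(body):
        return "reject:content"            # only here did we read the body
    return "accept"


# Constructed attempts: (ip, helo, mail_from, rcpt, body, seconds).
SAMPLE_ATTEMPTS = [
    ("203.0.113.77", "localhost", "x@y", "bob@example.org", "BUY NOW", 0),
    ("192.0.2.25", "mail.example.org", "a@example.net", "bob@example.org", "hi", 0),
    ("203.0.113.5", "cpe-5.example-isp.net", "u@v", "bob@example.org", "hi", 0),
    ("192.0.2.26", "mail.example.net", "a@example.net", "bob@example.org", "hi", 0),
    ("192.0.2.26", "mail.example.net", "a@example.net", "bob@example.org", "hi", 1800),
    ("198.51.100.40", "mx1.example.com", "s@example.com", "bob@example.org", "Buy now!!", 0),
    ("198.51.100.40", "mx1.example.com", "s@example.com", "bob@example.org", "Buy now!!", 2000),
]


def run(attempts):
    """Screen every attempt in order (one shared greylist) and return the verdicts."""
    grey = Greylist()
    return [screen(grey, *attempt) for attempt in attempts]


def share_reaching_content(verdicts):
    """Fraction of attempts that got as far as the content stage."""
    reached = sum(v in ("accept", "reject:content") for v in verdicts)
    return reached / len(verdicts)


if __name__ == "__main__":
    verdicts = run(SAMPLE_ATTEMPTS)
    for attempt, verdict in zip(SAMPLE_ATTEMPTS, verdicts):
        print(f"{attempt[0]:>14} {attempt[1]:<24} {verdict}")
    print(f"reached content filtering: {share_reaching_content(verdicts):.0%}")
```

Only two of the seven constructed attempts ever get their body read; everything else is disposed of with a regex match, a PTR lookup or a list lookup. A sender on a properly configured "real server" clears the first four stages, which is precisely why the comment says such spammers land in the CPU-hungry content stage.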
"Cause I'll just email your manager and the sales guy who didn't get my customers email and hopefully you'll be fired."
I'll be fired because I blocked email from an IP address in your range that's set up to fire spam at people?
No, I don't think so, in fact I can advise the sales guys and management that anything coming from that IP address is likely to be fraudulent anyway. Check who you rent servers to, and check their activity, or lose the ability for that IP address to mail my servers until I'm happy you've got your act together. The end.