Giving Your Greytrapping a Helping Hand

Peter N. M. Hansteen writes "Some spam houses have invested in real mail servers now, meaning that they are able to get past greylisting and even content filtering. Recently Peter Hansteen found himself resorting to active greytrapping to put some spammers in their place. The article also contains a list of spam houses' snail mail addresses in case you want to tour their sites."

Re:Um,

[tepples]

So is spam really that large of problem in 2009?

It's Gmail's problem. The cost of filtering spam means Google has to put more ads on your messages and, if Gmail becomes unprofitable, possibly even terminate free Gmail.

Re:Um,

[TheOtherChimeraTwin]

how much spam does the average /.er even get per day? I have gotten exactly one spam message that has made it past Gmail's spam filtering

Wow. I remember when the average /.er was running their own mail server. Let me tell you kids, those where the days! The world economy was strong, and I didn't have to have cat food for dinner.

Re:Um,

[noidentity]

I have gotten exactly one spam message that has made it past Gmail's spam filtering this year (2009) and it was quick and easy to delete. I don't give my e-mail address out to everyone, but I do sign up to many things with it yet still it is very rare for spam to make it to even my spam filter. So is spam really that large of problem in 2009?

I have seen exactly one malware on my machine that my virus scanner picked up and it was quick and easy to delete. I don't leave all my machine's ports open, but I do leave several vulnerable ones open yet it is still very rare for any of the malware's operation to be noticeable to me. So is malware really that large of a problem in 2009?

Grey-trapping

[goombah99]

I was not clear on the definition of grey-trapping. It is the process of providing decoy e-mail addresses that are discoverable by harvesters but not by ordinary humans. When mail arrives at the destination of a decoy, the sender IP address is then added to the spam filter of the receiver.

Basically sort of a honey pot approach.

So you might ask why can't ISPS do this at the ISP level rather than the user level? Make it opt-in, white-listable, etc..

The problem is what happens when some reputable sender get's on the list.

FOr example, Joe Spammer takes his address list and does a sing-up operation to Yahoo for all the addresses. Now the Yahoo registration server then does not automatically enroll them but still it sends an e-mail to every one of the e-mail addresses. some of which are the decoys.

so Yahoo gets grey-listed by the ISP.

I would think this attack would also foul up every grey-list in existance as well. So I don't actually understand how grey-listing works.

Re:Couldn't you just blacklist those servers?

[FooAtWFU]

This is the point where we send you Gmail invites and suddenly you've blocked Gmail.

Yawn. Antispam is a commodity purchase now.

[CFD339]

At one time I invested a few weeks time into building a heuristic antispam filter. One of the principles I used was very similar to this (there were many others).

I came to the conclusion pretty quickly that in the game of anti-spam, the larger the email pool you have, the more efficient your heuristic tools can be. Once I proved that to myself, I went looking for who was doing the best job using the techniques I decided worked best, and routed my mail through them.

Its cheap, effective, and gets the spam off my network bandwidth. Even if you do a perfect job yourself, you're still paying for the traffic. That's a waste by itself.

If you're so worried about privacy, get yourself an appliance that uses the same principles as the services (like postini, etc.). Either way, antispam is no longer a business for the individual.

Final Solution

[PopeRatzo]

The article also contains a list of spam houses' snail mail addresses in case you want to tour their sites.

Can we "tour" those sites with molotov cocktails and pipe bombs?