Web site identifies anonymous spammers
EngrBohn writes "This NY Times article reports on SpamCop, a website that will extract the real origin of anonymous (and spoofed) spam and then notify the spammer's network administrator. This basic service is free of charge, and for a $15 membership, additional services are available." Cool-maybe I can get their home address and hire bounty...um...er.
This is a good thing. Spammers shit in their bed and now they have to sleep in it and in some cases so do their ISPs.
My first encounter with SpamCop was when it reported a valid email message as spam and identified myself as the sender.
My server simply relayed the message for a customer. There was no spam present and I was somewhat offended to receive "anti-spam" accusing me of the dirty deed!
Personally I don't know of anyone who likes or would miss a spammer.
No, they changed that. You have to give one now, and they verify it. It can still be "blowme@hotmail.com" if you want, but it's gotta be a valid email address.
This service does not post the spammer's home address. There would be no way to do this unless they have billing info and access logs for every ISP in the world... and even that wouldn't cover it.
This just decodes headers for you, and weeds out the spoofed garbage. It's nifty, though.
The mail sent to the admins used to be a lot more verbose, but I believe Julian changed it as a result of feedback from admins themselves. Now it's short but full of links to places on spamcop.net where you can get more info on the situation.
Most mail servers check to see if they will deliver mail for you as soon as you specify the recipient.
:)
So if you do the spam check AFTER accepting delivery of the mail, you will avoid the infinite loop.
-Pimp
PD-
Of course, this only works if the spam check doesn't involve sending any mail - cancel the mail after the server accepts/denies delivery.
If you NEED to check the actual delivery of mail (hm.. like Exchange servers), then send mail to yourself at a special address that is not spam checked - thereby avoiding the loop. Again.
>>It has to work this way, or spammers could simply
>>forge a non-relaying SMTP host at the
>>beginning of the message and bypass the checks."
>I don't understand what you are saying.
I mean you HAVE to check all the relays involved, because the spammer could add a forged "Received From" header to the message using the name and IP of a non-relaying mailer, thus making your filter think the mail originated from a secured mailer and is OK to accept.
The problems with this approach presented elsewhere in this thread are not insurmountable.
I'd like to implement this for my personal use, but I need a starting point. I just wanted to know if there was any solution out there already so I don't have to reinvent the wheel.
Saying Bill Gates (who is the founder and CEO of MS and therefore the human being most responsible for MS's actions) is not responsible for DOS/Windows/Office viruses is analogous to saying that an automobile manufacturer is not responsible for the explosion of gas tanks in car crashes. The product's creators don't directly cause the problem, but they are grossly negligent.
The original statement is a lot more like saying that baseball bats are responsible for assaults. It's sort of true, but not really.
The original statement (if true) says that the programming language of choice (PERL) for extracting email addresses from the internet is also the programming language of choice for parsing email headers. I think this says more about the PERL's ability to process text than it does about the spam debate.
2 problems with this
Assuming that The first ISP gives a crap
He will! Remember, this is a fully automated system, that might be used by millions of users. So whenever someone spams, the first ISP gets a number of complaining emails proportional to the amount of people spammed. They will hate this as much as you do, and will try to put an end to it.
The first ISP can find the middle ISP
Easy. The program that sends the complaint can point it out explicitly in the complaint.
The middle ISP gives a crap/is competent
The program might send complaints directly to middle ISP's too. Anyway, the middle ISP will face threats like "no more mail to/from you" from numerous angry first ISP's that all got tens of thousands of complaints clearly pointing out the middle ISP's insecure server as a possible source of spam.
I once went to buy something simple at radio shack, probably batteries, and I wasn't in the nice-guy mood at the time. So when the guy behind the desk asked for my name, I said "Doe, first name John". He typed it in, and sure enough, somebody already beat me to the punch, there was a john doe listed in the computer. Just to verify, he said, "John Doe of 123 apple St?", and I said, "Yup, that's me". It was hysterical. Plus it got funnier when the clerk said, "most people probably think you're lying when you say your name is john doe, but obviously it really is". Hahaha.
Anyway - we should all put a john doe into every radio shack. that way you just give 'em your name "john doe", and it'll speed up your order when they don't have to ask for your friggin' address. Or - it's still funny if you're the first to enter the address, try doing it with a straight face. "Yeah, I'm John Doe. Address is 123 Maple St". Give 'em your home state, just for varied kicks. Followed is the john doe address I've seen from my early years of typing in computer games from creative computing and those other books that had BASIC programs.
BTW, the slashdot user login cookie doesn't work with Netscape 4.6/W98 on my machine.
IE 5 works fine.
Anyone else?
-
Jesus saves - Gretzky gets the rebound and scores!
Also a very funny site.. dry humor. This guy should write a book : The Sarcastic Persons Guide to Beltsanding Spammers
aa, so desu ne!
compyuta cookie o moraita ga aru?
b) My phone company keeps charging me more money every few months for a basic account. Apparently, the cost of supporting local phone service is quite high
The cost of providing service hasn't changed, just the rules of the game. As you may know, the regulatory environment for telecomm has gotten so out of hand that nothing actually costs what you pay for it anymore, you pay either more or less and the ILECs, CLECs, FCC, ESPs, decide how to redirect the money, according to rules that seem to change every month. The most recent change is to soak you for any extra phone lines you have (up from $3.50/mo to inflation-adjusted $6 == $6.09 or something) which is apparently going to the long distance companies, so you pay more for your phone, but just watch those LD rates drop!
I'd be more excited about it if I ever made any LD calls, but I console myself with the thought that basic service is already subsidized (Universal Service) so I'm probably paying closer to cost than before. Still maddening though.
Most of the spam I get seems to originate from the USA, although it has been routed through some foreign server.
It appears to me that most non-USA sites haven't reached the conclusion it would be best for them to disallow relaying.
WWTTD?
Well, there is more to this. The bill text (http://thomas.loc.gov/cgi-bin/query/D?c105:4:./temp/~c10541pyZs:e32892:) states:
(2) COVERED INFORMATION- The following information shall appear at the beginning of the body of an unsolicited commercial electronic mail message under paragraph (1):
(A) The name, physical address, electronic mail address, and telephone number of the person who initiates transmission of the message.
(B) The name, physical address, electronic mail address, and telephone number of the person who created the content of the message, if different from the information under subparagraph (A).
(C) A statement that further transmissions of unsolicited commercial electronic mail to the recipient by the person who initiates transmission of the message may be stopped at no cost to the recipient by sending a reply to the originating electronic mail address with the word `remove' in the subject line.
I still have to see a spam message with name and phone # of the spammer...
The Congress website also indicates that this bill passed the Senate, but not the House.
D00dslayer extraordinaire, 54 kills, average abuse report generation time 1 minute 10 seconds,
Tele-marketers effectively save money when you hang up quick, it frees them up to call the next person (ie a cheap negative). What hurts telemarketers is when they spend time on you and then don't make a sale (ie an expensive negative).
So waste their time, either ask them inane questions for ages (depending how bored you are this can be quite fun) or I usually just tell them "I'll go get the person you want to speak to", then go back to what I was doing. Pop back every 5 minutes or so and say "he's just coming now..." - this really cheeses them off. I had one guy hanging on for about an hour one time while I watched TV. In Australia this used to actually tie up their phone line, they could hang up but they couldn't actually get another dial tone until I hung up too.
Of course, if you're expecting a call, then your options are limited.
I don't get any near as many calls since I started doing this, may be coincidence of course.
I spent a lot of money on booze, birds and fast cars. The rest I just squandered. - George Best
That just gave me a great idea for a TOS policy:
SPAM POLICY - For every message that qualifies as "SPAM" (see our definition), a charge will be added to your credit card. This charge will increase with each "SPAM" message you send. Each "CC" and "BCC" or any other form of sending the same message to multiple recipients counts as a different message. Our pricing policy works like this:
1st Message: $25
2nd Message: $100
3rd Message: $250
4th Message: $500
5th Message: $1,000
6th Message: $1,500
7th Message: $5,000
8th Message: $10,000
9th Message: $50,000
10th Message: $100,000
If you continue unsolicited mail after the tenth message, you will be charged a fee that is the same as the one for the message previous to it increased $100,000, and then your account will be terminated.
Just think if this was enforced. Then, when the spammers are on the streets and complaining that AOL ruined them, everybody will just laugh... sort of a clockwork orange kinda' deal...
SpamCop is a good idea, and I wish Mr. Haight (sp?) luck in his endeavour. However, I'm afraid that in my experiences with SpamCop I've found it to be slightly less than useful.
:-)
As head of the abuse department for a rapidly-growing ISP in Virginia, I get my fair share of spam complaints. I'm also an ardent anti-spammer, and not only hunt down all the spam that I get, but also help my customers hunt down their spam.
I have never gotten a legitimate spam complaint from SpamCop. The few that I have gotten have always been incorrect allegations of inappropriate conduct, and the actual messages are near-indecipherable at times.
However, I wish Mr. Haight the best of luck in future versions of his program - and hopefully once it hits a good level of reliability I'll be able to recommend it to my users.
On a side note, as another comment mentioned on Perl and spamming - there's a good interview with Larry Wall in the Linux Journal a month or so ago where he does claim that most spam probably not only harvests addresses using Perl, but also sends the spam using it.
Now good luck, and keep fighting the good fight.
--SeanMike
-- Wow. Another comment by SeanMike. All comments are not endorsed by IDI.
Actually, most of the headers are not in RFC821 (SMTP), as it only defines the protocol:
MAIL From: me@me.com
RCPT To: me@me.com
DATA
>
Those headers are typically generated by the SMTP client before it sends the mail. Typically the only thing added by the server is Received and Return-Path headers. It is somewhere within these headers which a service like this can track Spam (at least to a certain point). Of course, the easiest way to start detecting whence spam originates is to look at the Message-Id header.
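How a header decoder of the kind discussed in this thread can separate genuine Received lines from forged ones, as an added example that is not part of the original comments and not SpamCop's code: it walks the Received lines from the top and stops trusting them at the first line not written by the host the previous line recorded. The `helo (rdns [ip])` layout, the host names and both sample messages are constructed assumptions; a real tool would confirm each link with DNS rather than by name.

```python
import re
from email import message_from_string
from typing import NamedTuple, Optional

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<peer>[^)]*)\))?\s*by\s+(?P<by>[^\s;]+)", re.I)
PEER_RE = re.compile(r"(?:(?P<rdns>[\w.-]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]")


class Hop(NamedTuple):
    helo: str             # name the client announced in HELO (sender-controlled)
    rdns: Optional[str]   # name the stamping server looked up for the peer
    ip: Optional[str]     # peer address the stamping server recorded
    by: str               # server that wrote this Received line


def parse_hops(raw):
    """Return the Received lines, newest first, as Hop tuples."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))   # undo header folding
        if not m:                                    # unparsable line breaks the chain
            hops.append(Hop("?", None, None, "?"))
            continue
        peer = PEER_RE.search(m.group("peer") or "")
        rdns = peer.group("rdns") if peer else None
        hops.append(Hop(m.group("helo").lower(), rdns.lower() if rdns else None,
                        peer.group("ip") if peer else None, m.group("by").lower()))
    return hops


def trace(raw, my_hosts):
    """Follow the chain down from our own server until a link cannot be verified."""
    hops = parse_hops(raw)
    out = {"origin_ip": None, "relays": [], "helo_mismatch": [], "unverified": 0}
    expected_by = None
    for i, hop in enumerate(hops):
        # The top line must be ours; each later line must have been written
        # by the host that the line above it recorded as its peer.
        linked = hop.by in my_hosts if i == 0 else hop.by == expected_by
        if not linked or hop.ip is None:
            out["unverified"] = len(hops) - i        # this line and all below it
            break
        if out["origin_ip"]:
            out["relays"].append(out["origin_ip"])   # earlier peer was only a relay
        out["origin_ip"] = hop.ip
        if hop.rdns and hop.helo != hop.rdns:
            out["helo_mismatch"].append(hop.ip)      # HELO name was not the real name
        expected_by = hop.rdns
    return out


# Constructed sample: spam pushed through an open relay, bottom line forged.
SPAM = """\
Received: from relay.example.net (relay.example.net [192.0.2.25])
\tby mx.home.example with ESMTP; Tue, 13 Jul 1999 10:00:05 -0400
Received: from mail.bigbank.example (dialup-7.isp.example [198.51.100.7])
\tby relay.example.net with SMTP; Tue, 13 Jul 1999 10:00:02 -0400
Received: from secure.mailer.example (secure.mailer.example [203.0.113.9])
\tby mail.bigbank.example with SMTP; Tue, 13 Jul 1999 09:58:00 -0400
From: offers@bigbank.example
Subject: constructed sample

body
"""

# Constructed sample: the relay stamped only the HELO name, no peer address.
BLIND = """\
Received: from relay.example.net (relay.example.net [192.0.2.25])
\tby mx.home.example with ESMTP; Tue, 13 Jul 1999 10:00:05 -0400
Received: from secure.mailer.example by relay.example.net with SMTP;
\tTue, 13 Jul 1999 10:00:02 -0400
From: offers@bigbank.example

body
"""

if __name__ == "__main__":
    print(trace(SPAM, {"mx.home.example"}))
    print(trace(BLIND, {"mx.home.example"}))
```

In the second sample the relay recorded no peer address, so the trace ends at the relay itself and the real sender stays hidden.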
Last time I went to RadiosHack, they asked for my last name. Whatever. I tell him. No problem, rings up, gives me the receipt. I now have the address and phone number of someone with the same last name as mine...
-- Don't Tase me, bro!
Like the majority of people (with the possible exception of folks who don't get much mail and are happy to see ANYTHING appear in their 'in-box') I despise Spam. However, having chosen to work from home today thinking I would have some peace and quiet during my coding, I realized something.
...
I prefer Spam to telemarketers!
At least with Spam, I can just hit the delete key and it is gone! I suppose I could just hang up on the telemarketers, but years of social conditioning make that nearly impossible
YS
"Arrr! The laws of science be a harsh mistress." -- Bender
Perl is responsible for SPAM? Wow, the FBI better go after Kernighan and Ritchie. I'm guessing that they're responsible for a lot of virii... :)
Posted by wtr:
The general consensus on several different anti-spam mailing lists is that SpamCop, while somewhat useful, frequently misidentifies the source of the spam. One of the many problems is that many older Sendmail 8.6 systems used by spammers don't correctly identify the source of the email coming through the relay. They blindly stamp on anything you tell them in the HELO statement without any verification.
It would be a lot easier to just block incoming mail from mailservers that are open for relaying.
The MAPS RBL and the other RBL's only work if the offending site has already been reported. From my experience the sites I get spam from have not been entered, and you have to jump through some hoops to get them entered. Big deal, so the spammers use the next server on the list of open relays they scanned for in .ac.kr and .ac.jp.
Why can't I set up sendmail or whatever program to reverse-scan the intermediate mailservers for misconfiguration and bounce mail accordingly? I know I might bounce some legit mail, but I'm willing to do that, since my SMTP server only receives mail for me and no one else. At least the bounce message could tell them why their mail was refused and the sender could take it up with their sysadmin.
Is there such a method of refusing mail from _ANY_ open relays already implemented in some MTA?
I just got an email from somebody wanting to sell me space on their server and they said that they were 'spam tolerant'. What good is it if your network administrator is in on the crime??????
Posted by FascDot Killed My Previous Use:
1) MS Exchange doesn't (in fact, can't) relay, but doesn't report this fact to the sender. So your method would automatically block all mail coming from Exchange. This is not necessarily a killer, but...
2) There might be multiple SMTP servers between the originator and you. If the first one relays but the rest don't you will still get spam.
---
Put Hemos through English 101!
> Same goes for websites that ask for my address
Whenever I am asked for an address, I use root@ the domain name of the web site in the remote hope that someone in charge will get as pissed at the spam as we do.
-=[doug]=-
It's been posted again and again in news.admin.net-abuse.email that most abuse admins despise SpamCop. In fact, it's so unpopular that some admins have admitted to simply bit-bucketing all SpamCop correspondence.
>I prefer Spam to telemarketers! ...
>
>At least with Spam, I can just hit the delete key and it is gone! I suppose I could just hang up on the
>telemarketers, but years of social conditioning make that nearly impossible
Caller ID is your friend!
I've found from experience that any call that comes thru as ``Anonymous" or ``Unavailable" is a telemarketer -- especially if there is no phone number included. And as I & my wife have ignored those calls, over the months these junk calls have tapered off.
YMMV.
Geoff
I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p
Customer account is toast, web page is no more, user bank account will be minus $500 from our clean-up fee, and the spammer is looking for his 50 Free Hours AOL cd.
We've recently tested the Orbital Anvil Bombardment System on this spammer. The results were promising. We had to hire the folks at http://www.asepsistechnology.com to clean up the mess.
This user account has been terminated and charged $1,000 in accordance with our Terms and Conditions agreement.
Woohooh!
Female Prison Rape in NY
I got an interesting spam on my throwaway hotmail account today. I read it in full just for kicks, and saw an interesting notation at the bottom, which I've copied here:
"***Under Bill S.1618 TITLE III passed by the 105th U.S. Congress this letter Can Not be Considered Spam as long as we include the way to be removed."
"To be removed from future mailings Free, simply respond with "REMOVE" in the subject line. This will permanently remove you from all future mailing: remove@update4u.net"
Of course, it's common knowledge that a response will get you spammed to the nth degree. So clearly they don't intend to live up to their end of the deal. Is their legal reference for real? I know that the legality of sending unsolicited mail is dubious at best anyway, thanks to the fax law that was mentioned before. The main concern is that these spammers might be able to turn the tables on us somehow.
Oh, here's something that a completely unrelated search turned up; a how-to for spammers! Behold this nauseating chunk here: http://www.billminder.com/
For the record, I take no responsibility for any damages that occur as a result of hordes of /. readers being aware of this site's existence. :)
(of course, the software could just be virus laden bait; we can dream, right?)
I assert ownership of all trademarks and copyrights on this page.
Email isn't anonymous to begin with, unless you're bouncing through one or more anonymous servers. All this service does is provide an easier way to track down the server that originated the crap and look up publicly available info on that person. Kinda like looking at the postmark on a letter and finding contact info for the postmaster in that town.
Personally, I have blackmail set up. If a DNS check on the host name provided with EHLO fails, if a DNS check on the domain the from: line has fails, or if the To: address == From: address, I don't see the email. Occasionally, a valid email bounces. More often, it just means I don't have to deal with most of the UCE I get sent. And I post to Usenet with my real address, too.
If there would be a God people like you would not exist.
Having to register to read NY Times is lame, and I'm surprised Slashdot supports this, by constantly posting articles pointing to their site. Perhaps we need to create a slashdot user account for slashdot readers? I sure as heck ain't gonna add myself to another database of spam.
I wonder how SpamCop is able to extract the phoney origins from the "genuine" ones?
Now if the Network Admin *is* the spammer then I think DoS is in order no?
Posted by FascDot Killed My Previous Use:
I just used it to report a spam and it (apparently) worked great. Couple of problems though: 1) I had to give a valid email to use the service. Upside is it allows "throwaway" addresses and they even provide one-use addresses to subscribers. 2) The report sent to the admins is kind of ugly. No explanation or "how to fix", but a bunch of headers and ugliness. 3) The website itself, while it works fine, is amazingly ugly. 16pt black type on yellow background, etc.
---
Put Hemos through English 101!
I'm reminded of how an anti-abortion site that posted the names and addresses of doctors got sued last year for something in the 10's of millions of dollars. The Doctors' addresses were supposedly found out from this site. Now is it legal as it is, or can the site get sued if somebody kills a spammer with a posted address?
try
here
They need you to register that way the NY times along with Radioshack can conquer the world. All part of the master plan, why do you think they ask for your name at Radioshack when you're buying batteries? One way or another, all will signup for the NY times. It's just a matter of time..
I wonder how the newsgroups will like this?
It's a thankless job, but I've got a lot of Karma to burn off
Posted by FascDot Killed My Previous Use:
I think the poster was referring to the IDP (Internet Death Penalty) for sysadmins who knowingly send/allow spam.
---
Put Hemos through English 101!
I've been using this for quite a while. It's great because most of the spam I get has forged address information in the header (duh).
All you do is post the entire message (headers and all) and SpamCop parses it out and lets you know the e-mail addresses (abuse@, postmaster@, etc) that you need to complain to. It even composes an e-mail for you to send if you want.
Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
Does this mean that there is no way to access a host anonymously? Or send email? Isn't this a privacy breach?
Posted by FascDot Killed My Previous Use:
Try this one, too...
---
Put Hemos through English 101!
Kill 'em all, and let God (or whatever) sort them out.
Posted by The Mongolian Barbecue:
fill in random garbage for all registration fields. It doesn't check email addresses.
Of Spam Cop, I can say two things...
1) It is very effective in making admins aware of spam traffic from their system; and
2) It is less than helpful to admins in identifying what is going on.
The really bad thing is that you get so much e-mail, it's almost a DoS in itself.
jf
boy these guys are so full of crap. check out the site, www.billminder.com
theyre trying to sell their "personal email server" for $289, saying its a recent technological breakthrough that will "speed up the internet faster than ever" since your junk mail "wont go through your ISP" so no-one will complain! (im not joking, you cant make shit like this up!) dude, to all those guys who blew out the mindcraft site and nuked that magazine article writer, you really oughtta fsck these guys up. i mean, those other people were questionable, but theres no excuses for this vile contemptible spawn of satan.
wonder what "technological breakthrough" in email hes talking about...
the melissa "virus"?
the funny thing is they say theyll give you the software for free if you buy their guide to spamming people.
scum like this do not deserve to live. the owner of that site should be beaten until dead.
and then dismembered.
MS Exchange DOES in fact allow relays. Exchange 5.0 requires the administrator to hack the registry, supposedly Exchange 5.5 changes this so that you can turn on or off the relay setting. My ISP required me to turn off the setting, so I had to go into the registry and make the necessary changes.
Here is the Microsoft knowledge base article regarding Exchange relaying Unsolicited Commercial E-Mail (UCE):
http://support.microsoft.com/support/kb/articles/q193/9/22.asp
please meet virtual machine A and B, who have been configured to do a reverse open relay check on RCPT. On a particular day, A wants to send some email to B...
A: "HELO, B"
B: "pleased to meet you. A"
A: "I have some mail for you"
B: (thinking, do I trust A? Let me see...)
(B starts working in the background)
B: HELO A
A: Pleased to meet you B
B: I have some email for you (hee hee, but I'm not going to send it, just checking your answer)
A: (thinking, do I trust B? let me see...)
(A starts working in the background)
A: HELO B
B: Pleased to meet you again, A. Busy today, isn't it?
....
In short, it's a nice idea, but it would set up an endless loop.
--
Exigo spamos et dona ferentes
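The A and B exchange above, together with the fix proposed elsewhere in the thread (run the check after accepting the mail, and cancel the probe before any mail is sent), modelled as an added example that is not part of the original comments. The `Mta` class, the `third-party.invalid` probe domain and the depth limit are constructed for illustration, and no network traffic is involved.

```python
MAX_DEPTH = 20  # constructed safety limit so the simulation terminates


class ProbeLoop(Exception):
    """Raised when reverse checks keep triggering each other."""


class Mta:
    def __init__(self, name, check_on, open_relay=False):
        self.name = name              # domain this server accepts mail for
        self.check_on = check_on      # "rcpt": probe before answering RCPT
                                      # "accept": probe after the message is accepted
        self.open_relay = open_relay  # relays mail for strangers
        self.sessions = 0             # inbound RCPT commands handled

    def rcpt(self, peer, rcpt_domain, depth=0):
        """Handle RCPT TO from `peer` and return the SMTP reply code."""
        if depth > MAX_DEPTH:
            raise ProbeLoop(f"{self.name} and {peer.name} keep probing each other")
        self.sessions += 1
        # Checking on RCPT means the reply waits for our own probe of the peer,
        # and that probe is itself an RCPT the peer may want to check first.
        if self.check_on == "rcpt" and self.probe(peer, depth):
            return 550
        if rcpt_domain == self.name or self.open_relay:
            return 250
        return 550

    def probe(self, peer, depth=0):
        """Reverse check: ask the peer to relay to a foreign domain, then reset.

        The probe stops after the RCPT reply, so no message is ever accepted
        by the peer and no deferred check is triggered there.
        """
        return peer.rcpt(self, "third-party.invalid", depth + 1) == 250

    def end_of_data(self, peer):
        """The message has been accepted; a deferred check runs now."""
        if self.check_on == "accept" and self.probe(peer):
            return "bounced"
        return "delivered"


def send(sender, receiver):
    """Deliver one message from sender to receiver and report the outcome."""
    try:
        if receiver.rcpt(sender, receiver.name) != 250:
            return "rejected"
    except ProbeLoop:
        return "loop"
    return receiver.end_of_data(sender)


if __name__ == "__main__":
    # Both sides check on RCPT: the endless exchange from the dialogue.
    print(send(Mta("a.example", "rcpt"), Mta("b.example", "rcpt")))
    # Both sides check after acceptance: one probe, then delivery.
    print(send(Mta("a.example", "accept"), Mta("b.example", "accept")))
    # Sender is an open relay: the deferred check catches it.
    print(send(Mta("a.example", "accept", open_relay=True),
               Mta("b.example", "accept")))
```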
There is a difference between having your home searched and not using the Internet as a duck blind to avoid taking responsibility for your exercise of free speech.
Privacy isn't defined by the U.S. Constitution either (it's by statute,) but it's a moot issue, since none of that governs international law, and the Internet is international.
There are always ways to find out who people are on the Internet. SpamCop just makes it easier to find those who abuse it.
J.
damned vulpine http://sb.drtwister.com/
The Spamkilling Personal Interface (Tactical, Enhanced). Tis a very nice tool.
Still not dead.
Oh perhaps they are a bit fattening, but evil I wouldn't say.
Very nice with milk though.
It's nice to see you computer boys stop being so serious for awhile and enjoy talking about milk and cookies.
- Grandma
There is also an available text box that allows one to add any comments he or she feels are appropriate. If you feel that the system admin needs information on "how to fix" or just an explanation, I'm sure you can put it in there.
"I think the mistake a lot of us make is thinking the state-appointed shrink is our friend." --Jack Handey
I read somewhere (babelfish: Once upon a time) that Perl was responsible for a lot of Spam because it was used to extract information from newsgroups to find valid email addresses. Now this guy uses Perl to extract the same information on the Spammers
;)
Truly a Postmodern situation.
as long as packets are leaving your machine, you can be tracked...and this is not something that is going to go away. if you want to remain anonymous, don't log in.
My grandmother had cookies turned on in her browser and she went to the NY Times web site. A week later she was dead!
Conclusive proof that cookies are EVIL!
Or, we could just get a life and admit that cookies are necessary to make up for shortcomings in the HTTP protocol.
spamcop, in as far as i can see, just uses the email headers to find where sent spam came from. spamcop doesnt seem, invasive. the anti-abortion site asked for more info on doctors.
Bottom Line:
nmarshall
#include "standard_disclaimer.h"
R.U. SIRIUS: THE ONLY POSSIBLE RESPONSE
nmarshall
The law is that which is boldly asserted and plausibly maintained..
--Colonel Burr 1783
Really, it's not that hard once you get the hang of it...
Female Prison Rape in NY
Security is guaranteed by the constitution, but not by providers? Fuck spammers, and fuck email requirements too. Think about it how would you stop this so called service from releasing your info. Do you honestly trust that delete button?
The ship sank. Get over it. (This sig was cut out from another's shirt and painstakingly hand-posted)
Female Prison Rape in NY
One of the best things about SpamCop is the forum. Julian's always there, always listening to people, replying; he'll answer any question you have and he is always making improvements to the site.
Let's face it, most of the email clogging the ether is from so-called anonymous spamsters.
...
And if they send it to a Washington State resident (and California too, I think), we and our State Attorney General She-Who-Must-Be-Feared will sue their butts off in court.
Time to grow up
Will in Seattle
Will in Seattle
...is what you pay to get these losers hung by the balls. Death to all spammers.
Yum!
Will in Seattle
Posted by FascDot Killed My Previous Use:
Of a story I heard about a guy who went to RadioShack and gave all kinds of crazy information. ("Name: King Solomon", etc) The counter-jockey is annoyed but accepts the information (what else is he going to do?). At the end the RS grunt has to ask "Is all this information accurate?" and the guy says "No. Now ring up my purchase."
---
Put Hemos through English 101!
www.brightmail.com is trying to do a similar
thing, filtering mail before it gets to your
mailbox.