Then how do they get customers? I suppose they may use a URL, but then one can Elizacate their e-shoppe. It might be a bit more work, but not entirely out of the question. Sort of a D.O.S. attack using Eliza-like technology.
Most smart spammers (I know that may be a conflict in terms) will either use a phone number, a physical address, or a web form. The only thing you can attack there is the web form. Spammers will usually set a maximum length per field. You may only use 30 characters for your name, 10 numbers for your phone number, and 50 characters for a comment. The way around this is to save a local copy of the form and strip out the max length variables. Then set eliza on it, or just pipe the chargen port to it.
forgery vs. forgery on Eliza for Spam · Score: 2, Redundant
If the spammers were forging a non-existent email address at a non-existent domain, there might not be much of a problem. (Cause, no one is getting 'hurt') But, spammers often times forge addresses in innocent third party domains, or will forge addresses of innocent third parties. In these cases the postmaster at the domain, or the person getting the thousands of bounces, gets hurt. That is where the problem arises.
Please don't use this on Eliza for Spam · Score: 5, Informative
This script is useless, unless you just want to harass some innocent third party. You will NOT be responding to the spammer. I know it is tempting to do, but your flames will not do any good. Why is that?
Spammers use invalid or non-working email addresses. While dealing with a spammer at my job (I work an abuse desk), the spammer told me that of a list of 200k email addresses 90% were bogus. Spammers don't put a working email in the 'From:' or 'Reply to:' fields because they would be flooded with bounces.
Spammers use random addresses in some innocent third party's domain. It is for the same reason as above. But this also helps to get past filters that try to determine if a domain is valid.
Spammers use the email address of someone who complained to them, or their ISP. Spammers do this so the complainer gets to deal with the thousands of bounces, plus the flames, and now all the eliza replies.
Yeah, but it's pretty easy to find the server from which the email originated from the full email header, heck, even a perl script could do this... (although I guess there are ways of even spoofing this????).
There is no way to spoof the IP address in the 'Received' lines. The SMTP server that receives the message records what IP it got it from. As far as a script to read the headers, be careful. Spammers do add extra 'Received' lines to throw off parsers (and humans).
Then you just get the script to respond to postmaster or root@offending.machine, stating that spam was originating from it. If you include the message ID in the email, the admin can determine the spammer and hopefully will suspend their account. Then again, it might be the admin doing the spamming....
Your best bet for finding an address to complain to would be to use 'abuse.net'. They have a whois server (at whois.abuse.net) that you can query against a domain; the server will tell you the best address to complain to.
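The point above about extra 'Received' lines, as an added example that is not part of the original post: a header reader should believe only the lines written by its own mail servers and treat everything beneath the hand-off as sender-supplied. The message is constructed, and the 10.0.0.0/8 relay range and all host names are assumptions.

```python
import email
import ipaddress
import re

# Constructed sample. The top two lines were written by our own servers;
# the two below the hand-off were supplied by the sender and are forged.
RAW = """\
Received: from mx.example.net (mx.example.net [10.0.0.5])
    by store.example.net with ESMTP; Mon, 30 Jul 2001 14:44:05 -0400
Received: from mail.bulk.example (unknown [203.0.113.45])
    by mx.example.net with ESMTP; Mon, 30 Jul 2001 14:44:02 -0400
Received: from relay.innocent.example ([198.51.100.7])
    by mail.bulk.example with SMTP; Mon, 30 Jul 2001 14:40:00 -0400
Received: from [192.0.2.99] by relay.innocent.example; Mon, 30 Jul 2001 14:39:00 -0400
From: someone@innocent.example
Subject: constructed sample

body
"""

# Assumption: addresses of the relays we operate ourselves.
OUR_RELAYS = [ipaddress.ip_network("10.0.0.0/8")]
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def handoff_ip(raw, our_relays=OUR_RELAYS):
    """Return (ip, untrusted_lines).

    Received headers are prepended, so the newest is first and was written
    by the server that delivered to us. Step down one line only while the
    recorded peer is one of our own relays; the first outside IP is the
    host that handed the message to us. Lines below it cannot be verified.
    """
    msg = email.message_from_string(raw)
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    for n, hop in enumerate(hops):
        found = IP_RE.search(hop)
        try:
            ip = ipaddress.ip_address(found.group(1)) if found else None
        except ValueError:
            ip = None
        if ip is None:                      # unparseable line: stop trusting here
            return None, hops[n + 1:]
        if not any(ip in net for net in our_relays):
            return str(ip), hops[n + 1:]
    return None, []

if __name__ == "__main__":
    ip, untrusted = handoff_ip(RAW)
    print("hand-off IP:", ip)
    print("unverifiable lines:", len(untrusted))
```
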
Re:Sounds like a bad idea on Eliza for Spam · Score: 3, Insightful
Also spammers don't use their own email addresses. They will use a random address at some innocent domain, or they will use the address of someone who complained. When you use this, you are harassing some innocent person.
How big is this society you are talking about? All of America? All linux users? Slashdot readers? Russian programmers who break encryption? Unless you are talking about a majority of society, you are not going to see much mainstream press. Does that suck? Yes, it does.
Sounds good, but what kind of processing power are you going to need to do all that? If you had a hundred or so users, it may not be that bad, but for large ISPs, it might be horrible.
Please read what I said again. Checking the entire message would be useless due to the fact that there may be hundreds of random invalid HTML tags in the message. These tags would still show up in the message, but would be ignored by the mail reader. The tags would still be visible to the MTA.
I have already posted a way to get around that. Look here. For the goatsecx paranoid here is the link to cut and paste:
http://slashdot.org/comments.pl?sid=01/07/30/1444247&cid=48
All a spammer would have to do is add invalid HTML tags all over his/her spam. Most users use some sort of HTML based mail reader and the invalid tags would not show. Look at the HTML source of this post to see for yourself. They can even put the tags in the middle of words, to be an even bigger bastard/bitch.
Most spammers use some sort of random character string in both the subject and body to get around filters that look for identical messages being sent to the same system. I don't think checksums are going to do any better than the current filters that look for dupes. Sure, you could just look at the first N lines, but spammers are also inserting invalid HTML tags in their messages to foil pattern matching. Since the tags are invalid, people don't see them. (considering that most people use some sort of HTML enabled mail reader)
Here's the deal; he's connecting to the internet somehow, so you have to track him down with that. Mail messages contain, in their headers, the IP address of the sender. Now, it's possible to forge these, but this is an Outlook virus, and I imagine that Outlook tells the truth about its IP address.
It is not possible to forge these headers, he may be able to add extra bogus headers, but his IP *will* be in there.
He will need to do both. Once he has an IP and the timestamp from the headers, he will need a subpoena to get the account that was used. With any luck, he will also be able to get the ANI of the phone line that was used. Once he has the ANI, he will need to contact the phone company to get the address of the guy, which might also require a subpoena.
But, you have a private network, most likely used by a few people (correct me if I am wrong). We are talking about having several hundred users all actively using their connections, some of them heavily.
Stores around here are kinda slow as well. But, pricewatch always has the new stuff as soon as it comes out. You have to pay for shipping and all that, but if you want the latest, there you are.
What if I receive an e-mail from someone that I would normally not mind getting e-mail from, but this one is one I do object to? Examples might be my
girlfriend's break-up note
You have (had?) a relationship with her; I would guess that you could not.
her father's threatening letter
Once again, most likely not. The threat might be actionable.
her mother's Cracker Barrel chain letter
Same.
Spam laws are passed due to the fact that spammers won't stop sending you stuff after you ask them to stop. I would hope that your ex and her parents would stop emailing you after the relationship was over. If not you would not be able to go after them for spam, but for harassment.
http://www.mailutilities.com/aee/ - a web harvester
http://www.mailutilities.com/adr/ - 'Direct-to-MX' spamware
It could be Cape Cod. Maybe they are taking the long route?
Those movies were both shot at the same time.
Both, it is covered in chocolate.
WTF. He is an adult Jon. You are talking like some 14 year old is in jail.
No, but he would jump on the next flight out of the US, that is for sure.
*splorf!* HAhahahaha! I wish I had some mod points, cause I would mod this: (+1, fucking funny)
They sell it here: Pricewatch
Now the electric company can screw me with huge internet costs as well.