There are legit uses for email marketing. Spam is not so much about advertisements as it is about permission. I get several emails that are ads per week. I have signed up for these and the company tries to market various computer parts to me. i don't mind getting these, and infact, I enjoy getting them. What I do not enjoy is getting email marketing that I have NOT asked for. I think the legislators are trying to prevent the law from hitting emails like the ones I get and still smack the spammers who send me the junk I don't want.
Spamcop does make mistakes when parsing headers. This has causes several ISPs to blackhole all SpamCop based complaints. There are several spam header parsers out there. I would suggest learning about headers and using one ot those tools as a guide. Let the parser look at the headers and attempt to ID the spammer, but you should look at it and make sure it is OK before sending it out. This will cut down on misfires and help you learn headers to the point where you do not need the parser.
Each peice of mail has 'Recieved' headers that allow you to trace the path a message took to reach you. Unless the spammer is relaying thru an anonymous open relay, like some older versions of Sendmail, the originating IP can be found. With this you can track this to the ISP that controls that Ip and thus find the spammer. In many cases you will need to subpoena the ISP for the info. But, if you are suing, getting a subpoena should not be too hard.
They did allow people to buy a subscription to tech support. If memory serves me right, it was for a month at a time. It was only $5, the difference between their price and the state average for accounts that got free tech support. People who wanted tech support could pay for it, but those who felt like they did not need tech support could get the cheaper rate.
A few ISPs where I used to live, Indiana, had a policy of no phone tech support. Free support was given via either email or fax. When you signed up you had 1 or 2 calls for getting set-up, but after that, it was email and fax only. This kept the number of full time tech support people pretty low.
Dude, calm the fuck down. I am not a spammer. I was just passing on a link that I remember seeing on NANAU way back in the day. I thought it was funny.
I dunno if a similar tactic would work online, though. I should try it though, send a 3 meg file back the way the spam came (might work as a great substitute for my Delete key, too) and
see if I continue getting crap from these people...
I would be very hesitant to do that. Many of the addresses in the 'from:' line are either totally bogus or are some innocent persons email address. It is very rare for the from address to be the spammers.
Do you even know what ORBS is for? Theya re for open relays. Unless eBay is using an open relay to send their shit, ORBS doesn't want to hear your complaint. If you are gong to bitch, at least be smart enough to bitch at the right people.
"Oh no! The sky is falling! Everything is going to be banned! Quick, start posting to slashdot!"
They are talking about people looking at porno at their state jobs. I know I don't want to pay some state worker to wank to porn on my tax dollars, do you?
We had to start using the DUL to stop people using large dynamic dial-up pools from connecting to our mail server. The good side effect of this was there was a masssive reduction in Direct-to-MX spamming. Using the RBL and RSS was a good idea as well.
You might be able to limit the number of RCPTs per message, but that might harm your legit users, so do so at your own risk.
We used the DUL to prevent large dial-up pools from connecting directly to the server. We also monitored the load on the machine; there was a noticable jump when the dictionary attack would roll thru. Outside of that we treated every scan as a security incident and followed up whith the ISP responsible for the offenders IP address.
Just turn VRFY off like everyone else does. If they're actually _sending_ mail to these "dictionary addresses," BASTARDS!
The spammers are not using VRFY. They are starting a normal mail transaction and are trying to send mail to the addresses. In the end they do a RSET and bail out of the connection. NO mail gets sent, so the admin is not aware via bounces.
What? Are you trying to claim that all SMTP servers know all valid email addresses the world over?
Calm down. I never stated that. The spammer will start an interactive SMTP session and run thru a series of RCPT's and keep the OK's. Thus if a spammer got an OK on joe_blow while on 'mail.example.com', he would know that 'joe_blow@example.com' was a valid address.
What you have described is only going
to work over a single domain, and even then only with an incredibly badly adminned mail server.
Even well adminned servers are abuseable. The attack does not use EXPN of VRFY; it acts like it is a normal mail transaction. Most pro-spammers have multiple phonelines (I know one who has 8 lines), so they can run against multiple servers at the same time and can easily snag 1/4 million addresses a night.
Slashdot Mirror
There are legit uses for email marketing. Spam is not so much about advertisements as it is about permission. I get several emails that are ads per week. I have signed up for these and the company tries to market various computer parts to me. i don't mind getting these, and infact, I enjoy getting them. What I do not enjoy is getting email marketing that I have NOT asked for. I think the legislators are trying to prevent the law from hitting emails like the ones I get and still smack the spammers who send me the junk I don't want.
That is what you will have to do in most cases. If you are suing a spammer, getting a subpoena should not be too hard.
Spamcop does make mistakes when parsing headers. This has causes several ISPs to blackhole all SpamCop based complaints. There are several spam header parsers out there. I would suggest learning about headers and using one ot those tools as a guide. Let the parser look at the headers and attempt to ID the spammer, but you should look at it and make sure it is OK before sending it out. This will cut down on misfires and help you learn headers to the point where you do not need the parser.
Each peice of mail has 'Recieved' headers that allow you to trace the path a message took to reach you. Unless the spammer is relaying thru an anonymous open relay, like some older versions of Sendmail, the originating IP can be found. With this you can track this to the ISP that controls that Ip and thus find the spammer. In many cases you will need to subpoena the ISP for the info. But, if you are suing, getting a subpoena should not be too hard.
...or GNU/WindowsXP
Besides launching ships, what advantages might such a country have?
They did allow people to buy a subscription to tech support. If memory serves me right, it was for a month at a time. It was only $5, the difference between their price and the state average for accounts that got free tech support. People who wanted tech support could pay for it, but those who felt like they did not need tech support could get the cheaper rate.
A few ISPs where I used to live, Indiana, had a policy of no phone tech support. Free support was given via either email or fax. When you signed up you had 1 or 2 calls for getting set-up, but after that, it was email and fax only. This kept the number of full time tech support people pretty low.
RIAA found out and sued over it.
Dude, calm the fuck down. I am not a spammer. I was just passing on a link that I remember seeing on NANAU way back in the day. I thought it was funny.
I would be very hesitant to do that. Many of the addresses in the 'from:' line are either totally bogus or are some innocent persons email address. It is very rare for the from address to be the spammers.
The goatse.cx guy pops up and talks to you via his butthole.
Yeah, we see how well that has worked so far.
Your HR department must be considerably more lax when dealing with sexual harassment cases. :)
So, you would rather have free over secure?
Or the trolls might pool their money and buy it... *shudder*
How about several million tons of AOL disks? Between the 5-6 PC mag subscriptions, I think I have that covered.
Do you even know what ORBS is for? Theya re for open relays. Unless eBay is using an open relay to send their shit, ORBS doesn't want to hear your complaint. If you are gong to bitch, at least be smart enough to bitch at the right people.
They are talking about people looking at porno at their state jobs. I know I don't want to pay some state worker to wank to porn on my tax dollars, do you?
11pm: sleep
What happens from 10:30 til 11? Being a young computer user, there can be only one answer: He is masturbating furiously to all the pr0n he got on IRC.
We had to start using the DUL to stop people using large dynamic dial-up pools from connecting to our mail server. The good side effect of this was there was a masssive reduction in Direct-to-MX spamming. Using the RBL and RSS was a good idea as well.
You might be able to limit the number of RCPTs per message, but that might harm your legit users, so do so at your own risk.
We used the DUL to prevent large dial-up pools from connecting directly to the server. We also monitored the load on the machine; there was a noticable jump when the dictionary attack would roll thru. Outside of that we treated every scan as a security incident and followed up whith the ISP responsible for the offenders IP address.
The spammers are not using VRFY. They are starting a normal mail transaction and are trying to send mail to the addresses. In the end they do a RSET and bail out of the connection. NO mail gets sent, so the admin is not aware via bounces.
Calm down. I never stated that. The spammer will start an interactive SMTP session and run thru a series of RCPT's and keep the OK's. Thus if a spammer got an OK on joe_blow while on 'mail.example.com', he would know that 'joe_blow@example.com' was a valid address.
What you have described is only going to work over a single domain, and even then only with an incredibly badly adminned mail server.
Even well adminned servers are abuseable. The attack does not use EXPN of VRFY; it acts like it is a normal mail transaction. Most pro-spammers have multiple phonelines (I know one who has 8 lines), so they can run against multiple servers at the same time and can easily snag 1/4 million addresses a night.
What ISP was this? indy.net (RIP)