RDNS is a big clue, but you frequently end up catching some static accounts in there too. So you either have to be conservative or be prepared to do a lot of whitelisting.
Something I have found to be more effective is to check if the sender has suspicious open ports (135,139,445,1025,5000) and to blacklist based on that. I did some testing on "known spam" and found that >90% of senders had one or more of these ports open; only a Very small fraction (a handful out of tens of thousands of servers) of legit email did.
Yeah, it has started to require hardware upgrades, but more importantly, it has required a lot more WORK. Time is money, and unless you are severely underpaid, your time costs a LOT more than the hardware.
The latest I've seen from spammers is that they use REAL text - not random words. They pull random paragraphs from web sites, press releases, and normal emails. Couple that technique with spamming via botnetted machines that send via the botnetted user's own email account, and you are all done. Just wait - it's happening.
More than that, he needs to learn how to use whitelists. No need to be running mail from trusted senders through spamassassin.
On the good side, you can use the information from all those bouncebacks to blacklist the morons that are bouncing.
I'm also very promiscuous with my email address... and just like you it's because Gmail takes care of all the crap, simply and effectively.
But google is (so far) a nice company, and I don't like to do that to nice companies. This is why I use hotmail for all subscription crap. I sign up for ALL the newsletters with hotmail.
On the flip side, I wonder how many people are making money by following the opposite of the spammer's advice?
That makes very little sense. The big ISPs don't have one email server. They have hundreds. What will happen is that you will eventually blacklist all of them, and when a user gets a bounce, he can whitelist ONE of the servers, send his message again and get another bounce because he hit yet another blacklisted server.
You are better off maintaining a per SENDER whitelist rather than per SERVER to be effective in this scenario (which is what we do for "evil" domains like yahoo and such that are heavily used by 419ers.) Evil domains get a large base spamassassin score "just because", with large negative offsets for whitelisted users (and other "secret" reasons.)
blacklisting all hosts sending mail to spamtraps
So you blacklist all mail from yahoo, hotmail, gmail, msn, aol, verizon, earthlink, etc.? Because all of those servers send to spamtraps all the time.
Don't expect Greylisting to reduce spam for long. Spamware is evolving and will start taking greylisting into account shortly, much like image spam gets around Bayesian analysis. It's a matter of time before spammers start snagging email configuration info (such as SMTP Auth info) from pwned machines and sending spam via normal ISP gateways. Even rate limiting won't help as the number of pwned machines is massive, and growing every day.
BTW, even OCRing (which is very expensive computationally) of image spam is starting to fail as spammers start using noise and funky fonts (like a captcha) to foil anti-spam systems.
I really don't see long-term technological solutions to spam as long as it's so damned easy to pwn a machine.
I don't see spoofing as the problem. I see critical mass as the problem. Unless nearly ALL ISPs and email systems adopt a single "standard", the mechanism is useless. We don't have critical mass. I'm seeing less than 1% adoption rate for any of these systems.
Furthermore, these systems are not designed as anti-spam systems. Phishing and JoeJobs they may help with. Spam not at all. Since they don't help fight spam, there is no incentive to adopt them.
I don't see it that way. IMHO, this fundraising effort is failing due to the lack of corporate sponsorship. You can't go after individuals at this level. You need corporations who will say, "I'll buy 5000." The slashdot crowd is the wrong crowd to spend much marketing effort on. It doesn't take many corporations to achieve your goals, but it takes a Huge number of individuals.
Is the organization a 501(c)(3) tax-deductible charity?
Back in the Clinton era, computers were still quite expensive. Now you can get a nice business-class desktop for about $500 instead of $2000.
IMHO, the problem with schools is that they are a (very poorly run) government monopoly. Vouchers would solve this, creating an educational industry that is responsive to parents and the needs of students. Due to the cost of private education now, most private schools are run by churches. A voucher system would change that.
Why would you be using ICS if you are logged on to a wireless router?
Exactly.
I've no idea why MS hasn't released its own beer yet.
They did, but the DRM feature won't let you get the cap off, so no store bothers to stock it. Too many returns.
Yeah. What he said. No, wait, Buy Microsoft because it's so much better - oh wait - it's not? And it's brown? But it has wifi! What do you mean the wifi is useless? But it's MICROSOFT!! They are innovating here! If you are against microsoft you must be against innovation... It won't play my "plays for sure" music I bought last month because they changed the DRM format again? That's just not possible - Microsoft wouldn't lie to me.... OK, well, I still like WMP, so I'll buy a third party WMP based device instead. What do you mean I can't play the music I already purchased on it? Damn it to hell, I'm going back to my portable 8-track player so I can play my favorite Bee Gees tracks...
Huh. More bad moderation. Why is an alternative player off-topic? Sounds on-topic to me. Of course I tried to download this wonderful new software from Microsoft and got a message: "Your operating system is not currently supported by Windows Media Player."
Damn, and I was SOOO looking forward to finally getting a music player that "plays for sure."
Most people with home wireless LANs use wireless routers with the built-in firewall instead of an access point, switch, and a PC with ICS, so I wouldn't expect wireless networks to be a major issue in this specific issue.
Advice like that is why we have a major botnet problem.
Personally, I dumped the Telco supplied POS DSL modem and got a Sangoma S518 PCI card. Best thing ever. Can do full rate QOS (since you eliminate the "Huge Buffer of Doom") and syncs at a higher rate than the crappy Westell modem. Not sure if they work in AU, but it's worth looking into.
pc enthusiasts
I think you meant "PC Novice". The enthusiasts were the ones trying new and different technologies rather than the bland boring crap that came with the PC.
Of course no discussion about back doors or prison is complete without linking to two.
You have enemies? What the hell did you do to have enemies? I used to get a lot of annoying calls from telemarketers and such (before I installed Asterisk which can block them,) but I don't have "enemies".
Yep. It's interesting to compare the different processors. I started on the 6502, played with z80, then 68000, 8088 and IBM360. After learning the 68000 and how elegant the instruction set is, I have a MUCH greater appreciation for just how bad the x86 instruction set is. I feel sorry for anyone that has to do x86 assembly programming for a living.
I'm perfectly aware of the workarounds - I have a macbook pro. Workarounds are not true replacements AND are non-intuitive. Everyone I know who uses a mac uses a third-party multi-button mouse. Everyone (including myself.) Nobody I have ever met still uses the single button mouse. Sometimes it's not convenient to use an external mouse, and in those rare times the non-intuitive workarounds need to be remembered. Just because you don't like criticism doesn't mean that the criticism doesn't have merit.