Slashdot Mirror


User: minas-beede

minas-beede's activity in the archive.

Stories: 0 · Comments: 222

Comments · 222

  1. Re:Spam Assassin (eating b'with and storage space) on Anti-Spammers Wage E-War · · Score: 1
    I know a guy who burns zipped, trapped relay spam to CD. He sacrifices some bandwidth for the incoming spam but nobody then has to lose bandwidth at the destination, nor lose storage space: that spam never shows up. Do this widely enough and it won't need to be done at all: relay spammers will give up. Won't that be nice?

    Look at:

    http://www.corpit.ru/cgi-bin/h0n5yp0t

    and

    http://fightrelayspam.homestead.com/

    It is being done today. It has been done for months. Isn't it time you gave this a try?

  2. Re:It's a pointless battle on Anti-Spammers Wage E-War · · Score: 1
    You sound like a spammer pretending to be a normal user. Ah, well.

    You want a MAJOR change, then? I can give you a MAJOR change, which already is starting. The change: quit being so complacent. Relay spam (one of the main types, if not THE most prevalent) can be stopped trivially. The spammers use open relays for relay spam. Efforts to eliminate open relays have failed (they've had great success, just not enough success.) So add to that effort a second, easier effort: create fake open relays.

    These fake open relays are called relay spam honeypots, or just honeypots, and some already exist and are in operation. This is maybe the best one for you to see the idea in operation:

    http://www.corpit.ru/cgi-bin/h0n5yp0t

    To learn more check out

    http://fightrelayspam.homestead.com/

    If you run a mail server and see relay attempt rejections in your logs you probably are on an internet segment that can have a successful honeypot. If you are in Korea or China fortune really shines on you: you can capture one whale of a lot of spam. Even in the U.S. (e.g., Wisconsin) you can have a positive effect.

  3. Re:A technical solution to spam on Anti-Spammers Wage E-War · · Score: 1
    I'd get rid of the attitude that nothing can be done. Elsewhere I say to use honeypots, which I believe is good advice, but if more people would approach the problem with the attitude that the anti-spammers can eliminate (legally) the spammers it would happen.

    For those of you who want such a solution given to you there's this:

    http://www.corpit.ru/cgi-bin/h0n5yp0t

    and this

    http://fightrelayspam.homestead.com/

    Go get 'em!

  4. Re:Approach = failure, motive = weak. on Anti-Spammers Wage E-War · · Score: 1
    Honeypots are equal-opportunity mallets. They will trap spam from smart and dumb alike.

    Thanks for your words of support. Can you (plural) begin to imagine the feeling of joy and power when you see the spammer sending his spam to you to relay and you know it will never be delivered? Not to mention the opportunity to nail him at his ISP (if he spams from an ISP - much relay spam now comes from open proxies).

    I've sent in larts for hundreds of spammer dropboxes (accounts where he receives replies to his spam) to have the accounts closed. If I do that before most of the replies arrive all of the spam is wasted, even that which got through.

    If you run a Linux or Unix box and don't need port 25 to be used for a real mail server on it (true of thousands of systems in .edu, for sure) you can run a relay spam honeypot. When someone with talent (in Perl, say) writes a honeypot for Windows then millions of systems will trap relay spam. (The previous sentence is intended to inspire Perl-capable programmers to write such a program. A Linux version was posted Feb. 24 on news.admin.net-abuse.email. TMTOWTDI.)

  5. Re:Willful ignorance on the part of ISPs on Anti-Spammers Wage E-War · · Score: 1
    I don't know why the ISPs are as you say. I am saying that for a particular kind of powerful lart they act in response. To know why they don't act on others you'd have to ask them. I don't work, I'm retired. I can be reached from the mailto on my web page that tells you how to fight spam at the relay. I've been doing this for 2 1/2 years. It is ridiculously easy to do and is very effective, as evidenced by the results I cited. While I wait for the ISPs to act all the spam just comes to the fake open relay, never to escape, never to bother the recipient. I'll bet that somewhere in the world is a honeypot with at least one spam for you trapped. That's a pathetic tiny fraction of the total spam and I realize that.

    On the other hand I'm talking about 3 honeypots (there are more but I don't have access or information for those) so having even one spam for you trapped is quite an accomplishment since I don't know who you are. It is a mistake for you to assume that what I said was meant to defend the ISPs. That wasn't the goal: I'm trying to tell you there is a way to end relay spam and that it is easy. The reason it hasn't ended relay spam already is that there are too few systems operating as relay spam honeypots. Change that and relay spam dies. As it stands that's a true statement with no particular value since it says when there are enough to end relay spam then relay spam will be ended. It is very probable that the number of honeypots needed is not huge and that the number can rapidly increase when concerned people try the approach. If you run a server and if your mail logs show failed relay attempts then a honeypot on the same IP segment almost surely will soon trap spam, once it is set up. Please check it out. I think you will be very glad you did.

    http://fightrelayspam.homestead.com/

    is my web page.

    http://www.corpit.ru/cgi-bin/h0n5yp0t

    is a working relay spam honeypot. Please look at it.

  6. Re:Approach = failure, motive = weak. on Anti-Spammers Wage E-War · · Score: 1
    So, critique me. Be warned: My method has stopped millions of spam messages. Don't make too many assumptions. (False positives? Hah! What legitimate email is sent to relays completely unrelated to sender or recipient?)

    http://fightrelayspam.homestead.com/

    (Sorry for the popup.)

    A marvelous example of this idea at work:

    http://www.corpit.ru/cgi-bin/h0n5yp0t

    This works so well I have a goal: end relay spam in July, 2002.

  7. Re:Willful ignorance on the part of ISPs on Anti-Spammers Wage E-War · · Score: 1
    You say: 'Several ISPs, such as Verio, UUNET, Qwest, etc. host many spammers, and are willfully ignorant WRT the activities of the spammers - they do a fine Sgt. Schultz "I know NOTHING, NOTHING" when confronted with the evidence' Which I accept as a true statement of your experience. uu.net has apparently nuked every account using an IP reported to them via

    http://www.corpit.ru/cgi-bin/h0n5yp0t

    When given strong evidence they (ISPs) do act. Many other ISPs (Popsite, Sprint, etc.) have similarly acted on such complaints. While waiting for them to act all the spam going to the relay spam honeypot is being absorbed. It does not go to and annoy the intended recipient. There are more millions of un-delivered spam messages because of relay spam honeypots than you will believe.

    See: http://fightrelayspam.homestead.com/

  8. I have two URL's for you on Anti-Spammers Wage E-War · · Score: 1
    http://www.corpit.ru/cgi-bin/h0n5yp0t

    An example of what can be done

    http://fightrelayspam.homestead.com/

    A longish exposition of the idea. Sorry for the popup.

    This idea works. My goal is to stop relay spam in July, 2002. I can't do that alone: it will require a lot of honeypots. 29 days to go: so far I haven't seen it stop. Still plenty of time. Try this, report your results. Get in early to stop the most spam. The latecomers may get no relay spam at all: they'll be too late.

  9. Re:Some of us go to great lengths on Anti-Spammers Wage E-War · · Score: 1

    You might have trouble tracking back to the spammer. Try this, though: run an open relay honeypot. If the spammer sends directly to you you are connected to an IP he is using. Note that it is very probable (with a direct connection to the spammer) that the IP is a dialup and he is spoofing that IP from the actual spam source. Whether or not these are the same system I can't say but it has been reported that some of these dialup IPs have the characteristics of a 3Com switch when profiled. You might need to penetrate the 3Com to get to his actual computer. It would be wrong to do something illegal but if the spammer connects directly to you there's some aura of self-defense in countermeasures you might take. In addition, is he going to go to law enforcement agencies and report you? That's almost something to wish for.

  10. Re:Spam blocks are unfair on China Wants Out of Spam Blocks · · Score: 1

    I sympathize with your situation and your point of view. I think that, in your position, you might be able to do something to help educate Chinese email administrators about how to cure some of their configuration problems.

    I strongly favor relay spam honeypots as a weapon against those who send relay spam. See: http://fightrelayspam.homestead.com/files/antispam 03102002.htm

    A few of these in China would have a tremendous effect. Recently /. reported on a single such honeypot in Moscow. It had trapped spam to about 1.7 million recipients at the time of the report. Now that has to be 2.2 million recipients: 508228 so far in the current spam run. This is a 100 MHz 486. A high-powered system is not needed if you wish to run a honeypot. Turn a few abused open relays into honeypots and watch the spammers retreat. Until they retreat watch them send tens of thousands of undelivered spam messages. It's a source of tremendous satisfaction to see the spam never be delivered. It's possible to benefit over 1 million strangers and have them never even know you did it.

    Please give the idea some thought.

  11. Re:Maybe we should use that tactic more often... on China Wants Out of Spam Blocks · · Score: 1

    Great point. I'm happy as can be to see the honeypot in Moscow trapping (preventing delivery) of the U.S. spam that Ralsky is trying to relay through it.

    I look forward to the day when there are similar honeypots throughout China, Taiwan, and Korea. To a relay spam honeypot it is immaterial where the spam originates: the spam is stopped. Such honeypots are a valuable addition to the arsenal of anti-spam weapons.

    see: http://fightrelayspam.homestead.com/files/antispam 03102002.htm

  12. Re:Delays with the sendmail-bd on Fighting Spam on the Home Front · · Score: 1

    Most spam I trap has 48 recipients. It would be a long, long time before recipient 48 got his spam. (Not too long ago most had 21 recipients. Even that would introduce some long delays.)

  13. Re:Even I am educable on Fighting Spam on the Home Front · · Score: 1

    I don't think you can say with certainty what the spammers will do but they do seem to keep returning to my honeypot (about 2 years old.) Probably some do not now use it but one was still using it as of 2:51 p.m. CST today (the merchant credit card spammer). Right now he isn't using it: there's no way I can know why not.

    I think some spammers have lists of open relays that they have discovered. Before using a relay in a spam run they retest it to see if it is open. If it tests open they use it. Probably they add to this list periodically either by scanning for open relays (using test messages) or by stealing information from anti-spam open relay blocking services (I can think of at least one other technique they could use.)

    I did have the joy once of watching a heavy spam run hit the honeypot. After about 1 1/2 days relay tests started coming: apparently the spammer knew there was some problem and was checking again. I automatically recognize many relay tests and automatically deliver them so these sailed right through. Approximately one day later the spam finally stopped.

    The key to successful honeypot operation is this: deliver relay tests, deliver nothing else. If spammers get smart and start including their own addresses in the addresses spammed then the spam to their address becomes a relay test and should be delivered. There may be some difficulty in finding their test addresses. I have checked spam runs in the past for duplicate addresses: so far none have been found (I assume the spammer might reuse the same test address.)

    With few honeypots (as is the case now) the spammers have little reason to even notice them: their effect is in the noise. Get a bunch and the spammers will try to deal with them. Then it will get harder. I predict the anti-spammers will win. Anti spammers outnumber spammers: that's a big advantage. Notice that with honeypots the burden is on the spammer: he has to figure out which "open" relays aren't open. The goal of the honeypot operator is to look exactly like a dumb sysop running an open relay (with the exception that no spam gets delivered.) I've even blackholed IPs just so the spammer can try a different dialup and get in again. The spammer thinks I'M the lame one.

  14. Re:Professional vs. Newbie spammers. on Fighting Spam on the Home Front · · Score: 1

    You asked: "Can you set up your honeypot to detect spamware versions, and post to Usenet alt.make.money.fast and freebie web pages about how terribly disappointed you are that Spambozo 3.2 didn't work for you and was eaten alive by anti-spammers and caused your PC to halt and catch fire, your from home? (Surely you can find some way to promote include self-promotion in their email headers, but by now probably most of them have figured out that it's an easy target for filters."

    Probably not. I think I can get about the same effect by contacting the spammer's customer (the guy who hired the spammer to send his message) and telling him that the spammer used relay spam and that I trapped a large number (unspecified) of the spams. The customer paid for undelivered messages.

    That should lead to an interesting conversation between the spammer and the person who paid. Ultimately it may lead to greater care by the spammer (like putting captive addresses in the list he spams) but the spammer's job has been made more complex. I believe that the anti-spam community will be smart enough to defeat the spammers even if they do start sending spam to themselves (once you know their test addresses just deliver to them whenever they appear.)

  15. Re:What am I missing? on Fighting Spam on the Home Front · · Score: 1

    The spammer sends out the same number of spams. True. A major function of the honeypot is to prevent delivery of all the spam that the spammer sends to the honeypot thinking it will be relayed. My honeypot (in Wisconsin) probably has a negligible effect, percentage-wise, on the delivered spam. Michael Tokarev's honeypot, which the spammer chose to subject to a spam flood, slowed deliveries for that spammer (Ralsky) to a crawl while he (Ralsky) was using the honeypot. The effect of honeypots should scale: twice as many should have twice as much effect, etc. Ultimately the amount of spam any given honeypot stops is determined by how much the spammer sends to it so you can't know until you create and run the honeypot what its effect will be. The joy of running a honeypot starts when you trap the first relay test message and grows from there.

  16. Re:Spamming for dumbasses on Rep. Bill Jones Thinks Spam is "Innovative" · · Score: 1

    "Is it such a bad thing if email is used for marketing ? Or do we think that all marketing is evil ? How many things do you currently have enjoy in your life that you wouldn't have if it weren't for marketing ? Hmm.. movies like The Matrix, TV series like star trek ?

    "I think it's unwise to make huge generalizations and often people are too quick to use the word SPAM, which seems to have become a word more dirty than most other 4 letter words.

    "So does anyone else think that there is some place for email marketing ? Isn't the dissemination of information what the internet was originally designed for?"

    If it is unsolicited it is spam. That's it. All else I say is secondary.

    Surely there is a place for email marketing. If the email is to people who want to receive the email and who have said and confirmed they want to receive it that's fine. I'd hope that the products and services mentioned in the email would have features that make them worth the price and that the email would describe the features well. That's good. The internet provides a unique way of doing business. Maximize the use of the internet to benefit the customer and you should prosper if what you sell is worthwhile.

    No words from you will change the basic truth: unsolicited commercial email is spam. My email address (and everyone else's email address) is not there to be used for unwanted commercial email. It is not available for lease; it should not be on any list of email addresses sold or leased. You should not send me an email asking if I want more email. That's the rule: no unsolicited commercial email. Not ever. Break that rule and you are sending spam. No subterfuge, no fake surveys, no "mistakes." Send me no commercial email unless I request it. That is absolute. Don't look for loopholes. Look to strengthen the principle.

  17. Re:Teergrube and Reverse Teergrube DDOS for KR, RB on Rep. Bill Jones Thinks Spam is "Innovative" · · Score: 1

    Teergrube is good. So is honeypot. Think about it: the spammer sends his spam directly into a black hole. Well, not quite a black hole: you can harvest much useful information from what you trap (like 24 Reply-to addresses used by the spammer to receive the sucker responses. You can notify the ISP of all 24 in a single email. Been there, done that.)

    Even if all you do is accept port 25 traffic and never deliver anything you can capture spammer relay tests. Maybe you want to notify the ISP, maybe not (the spammer could just change ISPs.) You have a piece of information about the spammer: think about ways to use this information to the spammer's disadvantage. If you're a little braver you can save a copy and deliver the test message. If the delay isn't so long as to arouse spammer suspicion you should soon start receiving relay spam. Now you can complain to the source ISP about the attempted theft of service (and it's likely the source ISP won't be the same as that for the relay test.) Check the headers: the spammer may have used an open proxy (in which case you warn the owner of the abused system and advise him to check the proxy logs.) Go to news.admin.net-abuse.email for advice/help if you need it. You'll meet a lot of experienced spam fighters there.

    I've run a honeypot for two years (from before I knew to call it a honeypot.) It's a good way to get back at spammers. I ran an abused open relay. I'm still extracting revenge.
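
The triage that comments 13 and 17 describe (deliver relay tests only, collect Reply-To dropboxes for one report per ISP, look for recipients repeated across runs) can be sketched as follows. This is an added example, not code from the commenter or any honeypot named here; the one-recipient rule for spotting a relay test, the queue layout and every address are constructed assumptions.

```python
from collections import Counter, defaultdict
from email import message_from_string
from email.utils import getaddresses

# Assumption: a relay test has a single envelope recipient, while spam runs
# carry many per message (the comments mention 21 or 48).
RELAY_TEST_MAX_RCPTS = 1

# Constructed queue entries: (client IP, envelope recipients, raw message).
TRAPPED = [
    ("192.0.2.10", ["probe@mailbox.example"],
     "From: a@x.example\nSubject: relay test 192.0.2.77\n\ntest\n"),
    ("198.51.100.5",
     ["u1@isp-a.example", "u2@isp-b.example", "seed@mailbox.example"],
     "From: s@y.example\nReply-To: offers1@dropbox.example\n"
     "Subject: Buy\n\nspam\n"),
    ("198.51.100.9",
     ["u3@isp-a.example", "u4@isp-c.example", "seed@mailbox.example"],
     "From: s@z.example\n"
     "Reply-To: Offers2@dropbox.example, win@other.example\n"
     "Subject: Buy\n\nspam\n"),
]


def classify(rcpts):
    """Label a trapped message by its envelope recipient count."""
    return "relay-test" if len(rcpts) <= RELAY_TEST_MAX_RCPTS else "spam"


def triage(trapped):
    """Split the queue: relay tests to deliver, everything else held."""
    deliver, hold = [], []
    for entry in trapped:
        (deliver if classify(entry[1]) == "relay-test" else hold).append(entry)
    return deliver, hold


def dropboxes_by_domain(held):
    """Group Reply-To addresses by domain so each ISP gets one report."""
    groups = defaultdict(set)
    for _ip, _rcpts, raw in held:
        msg = message_from_string(raw)
        for _name, addr in getaddresses(msg.get_all("Reply-To", [])):
            addr = addr.lower()
            if "@" in addr:
                groups[addr.rsplit("@", 1)[1]].add(addr)
    return {domain: sorted(addrs) for domain, addrs in groups.items()}


def repeated_recipients(held):
    """Recipients seen in more than one held message: candidates for a
    spammer's own test address, to be reviewed by hand."""
    counts = Counter()
    for _ip, rcpts, _raw in held:
        counts.update({r.lower() for r in rcpts})
    return sorted(r for r, n in counts.items() if n > 1)


if __name__ == "__main__":
    deliver, hold = triage(TRAPPED)
    print("deliver:", [e[0] for e in deliver])
    print("dropboxes:", dropboxes_by_domain(hold))
    print("repeated recipients:", repeated_recipients(hold))
```
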

  18. Re:Spamming for dumbasses on Rep. Bill Jones Thinks Spam is "Innovative" · · Score: 1

    "His network consisted of 6 win98 machines, 1 BSD box that he had no idea what it did. They ran some windows GUI based tool called SMTPscan. Basically it had 2 boxes to input your IP range into, it would scan that range and report back usable servers. I can't remember the actual name of the program he used to send the mail with, but I remember him pasting that list from SMTP scan into it."

    This guy is really going to be pissed if he scans an IP range with a honeypot in it. He'll be able to send his spam but it will never escape the honeypot (all the honeypot should ever deliver is relay test messages.) That is, he'll be pissed if he ever finds out his spam was going into a black hole. Otherwise he'll just be puzzled: "Why so few responses?"

    I'd post the link to my honeypot page but it's too wordy. Just set up something that accepts email and doesn't deliver it unless you want it delivered. Sendmail -bd with promiscuous relay enabled and configured to queue rather than attempt delivery on receipt should do fine. (Always test such things before turning your attention elsewhere. Sendmail is tricky: be sure it is doing what you want it to do.) Then make it deliver relay tests or hand-deliver them (keep a copy). There's a slight chance you might get the IP listed as an open relay because of this but you either (1) don't care or (2) want it to happen. A spammer who goes to a listing service looking for open relays may find your entry. Heh-heh-heh.

  19. Re:I like it!! on Fighting Spam on the Home Front · · Score: 1

    It's a Google Groups search for "Honeypot Question" in news.admin.net-abuse.email, then the 22nd article. Here's the link again:

  20. Re:Spam only has a political/legislative solution on Fighting Spam on the Home Front · · Score: 1

    Yep. And if your system is just some IP sitting out there among all the other IPs what reason other than relay test or spam is there for it to ever see any email? The system doesn't even need a DNS entry. If a spammer checks it for open relay and if that relay test is delivered the spammer's conclusion is: this is an open relay. Technical solutions are on a completely different front from legislative solutions: there need be no conflict between the two approaches. I absolutely support strong legislation (if you do, too, watch out that the DMA doesn't pull a last-minute trick to make the legislation useless.)

  21. Not So Much Danger, Will Robinson. on Fighting Spam on the Home Front · · Score: 1

    Doesn't this adequately handle the problem? (in /etc/sendmail.cf)

        # default delivery mode
        O DeliveryMode=background

  22. Failed how-to link on Fighting Spam on the Home Front · · Score: 1

    While the how-to link fails the earlier version of the same information can be found at http://fightrelayspam.homestead.com/files/antispam 06122001.htm