Fighting Spam on the Home Front
Saint Aardvark writes: "Something interesting from the SecurityFocus Honeypot mailing list: a couple of honeypots for spammers. This message has a link to a how-to page for setting up a Sendmail honeypot to trap spammers, and the status page for a honeypot in Moscow that's trapped spam meant for >1.7 million recipients. The author mentions using a honeypot in conjunction with the Distributed Checksum Clearinghouse -- this seems like a great way to identify both spammers and their messages."
And C-Moan writes: "Wireless spam volume is likely to increase in the coming years. But smart use of spam-fighting measures can go a long way toward eliminating the problem. This article provides info about the latest crop of e-mail filters and enhanced mail client options, as well as two roll-your-own programming platforms that could help keep your in-boxes spam free."
If you don't drop the TCP SYN, you're dead. (Score:5, Interesting)
I've got a longer rant on my web page, but I won't post it here, as the machine will die.
Suffice it to say that I can't afford 500k+ spams a day. The SMTP 'HELO', 'MAIL FROM', and 'RCPT TO' traffic for spam was getting to a gigabyte of traffic every few days.
rbl doesn't work. The spammers that hit me aren't listed on it. 'teergrube' doesn't work. I can't afford the bandwidth or the CPU time to maintain millions of open connections.
When you get spam, if you do ANYTHING other than drop the TCP SYN packet, you've lost.
Re:If you don't drop the TCP SYN, you're dead. (Score:2, Informative)
Re:If you don't drop the TCP SYN, you're dead. (Score:2)
You should run teergrube, here's an answer as to why from the Teergrube FAQ [iks-jena.de]:
spider traps (Score:4, Interesting)
I wonder how useful they would be in a honey pot setup, if you had the bandwidth to spare.
Re:spider traps (Score:4, Informative)
You are probably referring to Sugarplum [devin.com] or Wpoison [monkeys.com].
They perform two very different purposes: the poisoning scripts mentioned above are designed to fool the robots that harvest e-mail addresses. They slow down the spammers and introduce many invalid addresses in their list, but they cannot completely prevent the spammers from collecting e-mail addresses.
The fake open relays mentioned in the article are designed to stop the spammers from sending their spam. The spammers think that they have found a nice open SMTP relay and they dump all their spam to it, but in the end nothing is sent to the intended recipients.
You could of course run both on the same machine, but this is probably not a good idea because the goal of these spam traps is to convince the spammers that they have found a "live one". If there is anything that looks strange on the target site (such as a warning generated by their harvesting robot), it is likely that they would consider this to be a suspicious site and they would not try to use it to relay their spam.
It would be fun... (Score:2)
Is this legal? Is this feasible? I'm no expert in email systems and scripting.
Re:spider traps (Score:3, Interesting)
It's supposed to cut down on email harvesting bots and others that ignore the
Re:spider traps, Elcomsoft and SPAM (Score:3, Funny)
Their spam-software site is here [massmail.ru]. Scroll down to the bottom to see the (c) Elcomsoft.
Of course, the Slashdot editors rejected this story :-)
Re:spider traps, Elcomsoft and SPAM (Score:2)
Re:spider traps, Elcomsoft and SPAM (Score:3, Insightful)
It isn't really fair to blame interns who happen to work for [insert name of evil corporation] for the company's possibly unethical behaviour. I doubt that many people here agree with everything their employer does. (I know I disagree with my employer's decision not to promote me and give me a big fat pay rise...)
Delays with the sendmail-bd (Score:4, Interesting)
Re:Delays with the sendmail-bd (Score:3, Interesting)
I do not think that many spammers pay attention to the delivery time for their test messages, because they usually send dozens or hundreds of probes at the same time. As long as the message is delivered (by hand) within a couple of hours, that should be sufficient.
But they will probably pay attention to this trick sooner or later. So we need a more sophisticated script than this simple "sendmail -bd". Maybe some kind of "limited open relay": a program that always delivers the first message received from any IP address, but delays (or drops) all the other ones coming from the same address. There could be a configurable threshold allowing more than one message per IP, in order to fool the spammers who would try to send two test messages.
Such a machine could be used as an open relay, but with limited consequences. As long as the administrator of the machine keeps the logs of all incoming IP addresses (with timestamps and as many details as possible), the messages that go through it will not do much damage.
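The "limited open relay" proposed in the comment above, sketched as decision logic only (an added example, not code from the thread or from any honeypot project). The class and field names are hypothetical, and the recipient cap and the daily counter reset are assumptions the comment does not state; the sample traffic is constructed.

```python
"""Per-IP delivery threshold for a honeypot relay (decision logic only)."""
from dataclasses import dataclass, field

DELIVER, HOLD = "deliver", "hold"


@dataclass
class LimitedRelayPolicy:
    threshold: int = 1    # messages per source IP that are really delivered
    max_rcpts: int = 2    # assumption: a relay probe names one or two recipients
    window: int = 86400   # assumption: the per-IP counter resets after a day
    _seen: dict = field(default_factory=dict)  # ip -> (window_start, count)
    log: list = field(default_factory=list)    # evidence trail, one entry per message

    def decide(self, ts, ip, mail_from, rcpts):
        start, count = self._seen.get(ip, (ts, 0))
        if ts - start >= self.window:
            start, count = ts, 0          # new window: treat as a first contact
        count += 1
        self._seen[ip] = (start, count)

        if count > self.threshold:
            verdict, reason = HOLD, "over per-IP threshold"
        elif len(rcpts) > self.max_rcpts:
            # A "first message" addressed to hundreds of people is a spam run,
            # not a probe, so it is never relayed.
            verdict, reason = HOLD, "too many recipients for a probe"
        else:
            verdict, reason = DELIVER, "within threshold"

        # Keep timestamp, source and envelope details for every message,
        # delivered or not, as the comment asks.
        self.log.append({"ts": ts, "ip": ip, "mail_from": mail_from,
                         "rcpt_count": len(rcpts), "nth_from_ip": count,
                         "verdict": verdict, "reason": reason})
        return verdict


# Constructed sample traffic using documentation addresses (RFC 5737 / RFC 2606).
SAMPLE = [
    (1000, "192.0.2.10", "probe@example.org", ["check@example.net"]),
    (1060, "192.0.2.10", "x1@example.org", [f"u{i}@example.com" for i in range(500)]),
    (1100, "198.51.100.7", "bulk@example.org", [f"v{i}@example.com" for i in range(50)]),
    (1200, "192.0.2.10", "x2@example.org", ["a@example.com"]),
    (1000 + 86400, "192.0.2.10", "probe2@example.org", ["check@example.net"]),
]


def run_sample(threshold=1):
    """Feed the constructed traffic through a fresh policy."""
    policy = LimitedRelayPolicy(threshold=threshold)
    verdicts = [policy.decide(*event) for event in SAMPLE]
    return verdicts, policy.log


def held_recipient_total(log):
    """Recipients that received nothing because their message was held."""
    return sum(e["rcpt_count"] for e in log if e["verdict"] == HOLD)


if __name__ == "__main__":
    verdicts, log = run_sample()
    for entry in log:
        print(entry)
    print("recipients spared:", held_recipient_total(log))
```

Held messages would be queued or discarded by whatever sits in front of port 25; the log is what makes the relay's output accountable.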
Re:Delays with the sendmail-bd (Score:2, Interesting)
as w/ any spam ruleset there are exceptions. there should be a conf file for allowed mail senders such as if you are running a mailing list or the such.
it should be trivial to write something like this into a milter or to just put a wrapper in front of your port 25.
What am I missing? (Score:3, Insightful)
(1) Spammer sends bunch of stuff to someone who is throwing it away, unread
(2) ? ? ?
(3) Spammer is discouraged from sending spam
In other words, I understand that that spammer THINKS his spam is reaching endusers, when, in actuality, it is not. But I don't understand how that discourages or harms the spammer in any way.
Re:What am I missing? (Score:5, Insightful)
The reason people spam is the cost is low. Increase the cost of doing business and they will reevaluate.
Re:What am I missing? (Score:3, Insightful)
This is an interesting answer. If the spammer is looking at response RATES, that answers my question, because the honeypot will decrease the apparent response rate. But wouldn't a spammer be looking at the response TOTALS? In other words, "I spend $1,000 to send a spam, and I got $10,000 in orders, so I made 10x my investment." The response total will not change if there are honeypots or not, because the spam would be blocked by the ISP who set up the honeypot in either case.
Your argument works if the time investment (the 40 hours you detailed) goes up as the response rate goes down. I don't believe it does that - whether or not a honeypot is set up, the spammer still sends out the same quantity of spam.
Do you agree with me, or am I still being thick?
Re:What am I missing? (Score:2, Interesting)
You are misunderstanding me. I understand why it hurts spammers if their mail doesn't make it through to their destination. What I don't understand is why it is better to let them THINK it is getting through than it is to let them realize that it is not.
Re:What am I missing? (Score:2)
>it is getting through than it is to let them realize that it
>is not.
Because if they think the spam is getting through, the spammer ends up wasting a whole lot of time sending spams which don't get delivered. If they realize they've got a honeypot, they move to another relay and start sending spams which do get delivered. Clearly it's better to have a spammer sending mail to nowhere than sending it to everywhere, but no spammer's going to intentionally send mail to nowhere. That's where the trickery comes in.
The idea is to occupy time and/or resources that the spammer would otherwise be using to pollute the net. The stats on the Russian honeypot show that they trapped a spam run which lasted four full days and totalled more than a million recipients. This adds up to quite a bit of wasted spamming time, and quite a lot of spam messages that would have otherwise been delivered.
Shaun
vipul's razor!!!1` (Score:5, Interesting)
Yup, installed it a couple of weeks ago. (Score:2)
Having looked over DCC (Score:2)
Vipul's Razor looks easier to install and get running, but DCC might be more effective for high capacity sites.
Two slightly different approaches, Vipul's Razor is Perl based and DCC is written in C. How's about a common data format, common databases and servers?
Checksumming -- defeatable? (Score:3, Interesting)
Re:Checksumming -- defeatable? (Score:4, Informative)
Am I missing something?
Yes. The DCC page states that they use a 'fuzzy' checksumming algorithm that doesn't just checksum the whole message, and that the algorithm is evolving as spam evolves.
Re:Checksumming -- defeatable? (Score:2, Redundant)
I cannot speak to what approach DCC uses, but razor [sourceforge.net] only picks pieces of a message it believes to be static when computing its SHA1 hash. In the very near future, razor is going to implement Nilsimsa hashes [shinn.net] which are 'fuzzy' and should be able to detect everything from spam with minor differentials to mutating e-mail viruses.
Combined with the new razor trust system, razor is going to be quite the tool; and when used in conjunction with SpamAssassin [taint.org] we'll have quite the arsenal to battle unwanted spam.
It might have been but... (Score:2)
You can pick bits of the messages to checksum, say the 5th to the 10th from last line. Exactly the bits the spammer wants you to read.
Re:Checksumming -- defeatable? (Score:3, Interesting)
It is.
A rock will let you enter a locked car, but you still lock your car.
A filter doesn't need to be 100% effective to be useful,
and it's not likely that spammers will care until this kind of thing is guarding more than 50% of mailboxes.
The random string is more likely a tag to find out who responded than an attempt to bypass filtering.
-- Is a "no soliciting" sign spam?
Spam only has a political/legislative solution (Score:5, Interesting)
I use SpamAssassin and it blocks virtually all spam, but that doesn't really solve the problem. Most users can't use spam assassin, or other good spam blocking system. Spamcop is good too, but that's now $3/month. Why should I be forced to pay to haul the spam, and $3/month not to see it?
The solution as I see it is this. We need legislation that allows for damages from the beneficiary of the spam. Almost all of the spam I get comes from SMTP servers in China and Eastern Europe. Good luck getting these people shut down. Or, it comes from an open relay. Again, it's useless to attack the unwitting/stupid party, although it might have some effect here. But the spam beneficiary almost certainly has a bank account in your country, or some bank funds transfer mechanism. If they want to do lots of business with the US or other countries, there's going to be some financial presence there. So, we now have money...just tap into that money, by making the beneficiary of spam a civil tort, and spam just gets more expensive to promote.
When the demand for spam drops, because it's too expensive, then the demand for the out of country spam services drops, and eventually, most spam stops.
There would need to be some way to keep companies from being "set-up" as spam beneficiaries, but I think that shouldn't be too hard of a problem to solve. (Who's going to pay a spammer to "set-up" someone else, when the risk could be quite high if you get caught?)
Anyway, I'm starting to print out the most scummy spams, Porn etc (Esp pictures) and I'm going to mail them to my Congressmen and Senators. I don't know that they care, but I can pretty much guarantee they're going to get sick of getting such sicko stuff in the mail. Perhaps they'll actually do something. I've even pondered sending it all to every congressman and every senator, but that's a bit costly!
Well, do your damage...
Cheers!
Re:Spam only has a political/legislative solution (Score:2)
Re:Spam only has a political/legislative solution (Score:5, Funny)
I've come to the realization that the solution to spam is vigilante justice. That's how my emotions are, anyway.
Not Quite So Easy. (Score:3, Interesting)
How's that going to help if the porn sites are in China? Passing a law won't change it, your Congressman and Senator would have to be willing to support some kind of "punishment" in the form of economic sanctions or something on the country as a whole.... If that... It's not going to happen, not by just passing a law.
If it were to be stopped by law, it would have to be an INTERNATIONAL law (funny how electrons in cables don't know to carry a passport and stop to check in with the Customs Officer when they cross a border).
And, EVERY country would have to support the law. Or else the spamming operations would just move to a country that allows it. Good luck getting every country in the world to agree to an international policy just to keep spam out of your inbox.
Sorry to rant, but it gets on my nerves when ANYONE thinks the USA has some right to make any Internet regulation at all.... because, they are trying to control something that extends way beyond the country's borders.
Careful - violate USPS regulations? (Score:2)
Just a thought.
Does anyone know the regulations regarding sending pornographic materials via the US Postal Service?
Re:Careful - violate USPS regulations? (Score:3, Interesting)
Yes, I'd like to know...
But, I think it would be very NEWSWORTHY for me to get "prosecuted" for sending porn in the mail to my representatives, when government refuses to do anything against the spammer and the beneficiary of the spam for sending it to me in the first place.
Plus, I think they would have a difficult time making it stick, as it would be the most protected speech. Speech to a representative for political discourse... (Or am I full of it?)
I would really hate the time spent fighting it, and the expense, but I could really raise the roof if I was able to get it in the press.
This is rather a cool idea. I might just "push the envelope" to see what a stink I can raise!
Any suggestions?
Cheers!
Re:Spam only has a political/legislative solution (Score:2)
And watch as all Slashdotters start spamming each other with advertisements for Windows XP.
"I've even pondered sending it all to every congressman and every senator, but that's a bit costly!"
Email, man! :)
Re:Spam only has a political/legislative solution (Score:2)
-- Is a "no soliciting" sign spam?
Re:Spam only has a political/legislative solution (Score:2)
In recent years, there have been talks about legislation to pass an email fee. (in the same way that they would do with normal mail) I would gladly accept a couple spams rather than the alternative of a per-email fee.
Re:Spam only has a political/legislative solution (Score:2)
The previous poster is not suggesting that congress pass laws about the content of email. He/she is suggesting that the beneficiary of spam be accountable for damages done through the sending of spam. So for example, if I set up an email account for my pre-teen son, and that email account starts getting lots of SPAM for porn sites, I should then be able to sue the porn sites who have attempted to benefit through the use of spam. Nobody's governing what can and can't be said, but someone does have to take responsibility for saying dumb stuff.
The idea is this: skip the middle man (the spammers) and go after the people who reap financial benefit - the sites/services/etc being advertised. If there's an additional cost to spam then perhaps the demand will dry up.
It's an interesting idea and I wonder if there are other implications that I can't think of.
Re:Spam only has a political/legislative solution (Score:2)
-Exempts a subset of spammers that includes all members of the DMA
-Has intended or unintended consequences for other, legitimate uses of email
-Has attached riders written by MPAA/RIAA lobbyists that criminalize a number of other things
-Spells out details of what should be in a valid SMTP header, thus creating a specification for legal spam (like the "ADV" subject line) that gives spammers a free pass, and that prohibits any further development or modification of the protocol
-Allows the government to snoop on port 25 traffic if they so choose (oh wait, we have that law already, don't we?)
-Places limitations on an ISP's liability if it becomes a spamhaus (unless it's a small ISP with no significant campaign contributions)
-Clamps down on alternative solutions that ire spamhauses ("now that we have these great laws, you shouldn't need those filters/blacklists/honeypots")
-Allows spammers to sue for damages if their packets are blocked or they are "falsely accused" (as larger companies start showing interest in spamming, you can bet on this)
Such legislation would naturally be approached from the angle of "Hmm, how can we turn this into a gift to corporations?"
When you think about it, programming and legislating are a lot alike. Programs have bugs, and laws have loopholes. The people in Congress look like they would make lousy programmers.
Re:Spam only has a political/legislative solution (Score:2)
Teergrube (Score:5, Informative)
more documentation (Score:3, Interesting)
Re:more documentation (Score:3, Informative)
I now run postfix (or qmail, when I need EZMLM for mailing lists), and am eagerly awaiting their Postfix book.
Re:more documentation (Score:3, Interesting)
I've handled local relaying by just adding IP addresses and/or address blocks to the server config. It works as long as nobody has a dynamic IP address...since the addresses that are let through are all private-subnet addresses (people behind the firewall), this isn't a problem. Their mail gets out, but spammers in search of an open relay are cut off.
You might also want to look into qmail...it's much simpler to get going than sendmail, and IIRC no security holes have been found yet.
Somebody linked to this article [evolt.org] on using Apache to find the bots that swipe email addresses from websites. While you're waiting for the bots to respond to their suggested changes, you might also consider searching your logs for other attempts at sending mail through your system. Searching all the logged 404s on my server turned up 91 attempts at exploiting webmail systems. Some were the result of Nessus [nessus.org] scans I had aimed at my server, but filtering those out left 36 confirmed attempts.
Here are the user-agents that turned up:
Wireless spam in Finland (Score:5, Interesting)
This kind of spam exists no more. How? It was made illegal practically overnight and that shut the bastards down.
The spam problem is a political problem. Until there is enough political will in your governments to crack down on the spammers HARD, the spam problem will be getting worse and worse.
Re:Wireless spam in Finland (Score:2, Interesting)
I'd like to see the House, Senate and Administration actually come up with some relief legislation on this and crack down hard. Pity, they won't do it, but they saddle us with DMCA.
On AT&T cell phone too... (Score:2)
Some of them are from AT&T itself (I really can't understand why they spam their own already-service-subscribing customers!). Others are from who-knows-whom. Some with messages like "Call this number to make more money", or "Call this number for a free home loan consulting", or some idiotic messages like that.
about legislation (Score:2)
That doesn't mean nothing can be done, but no solution will make spam disappear instantly.
Throw SPAM to the tarpits! (Score:3, Interesting)
Re:Throw SPAM to the tarpits! (Score:2)
I've said it before and I'll say it again... (Score:3, Funny)
Yes, I'm serious about this. I despise spam and wish all spammers DEAD.
What's funny is... (Score:3, Funny)
I did
I then received all the mail back as undeliverable.
I replied the same day it was received so what good are these spammers doing? I mean, how do they expect to make any money if they were not there to take mine?
Re:What's funny is... (Score:2)
My guess is that these spams come from infected computers that are infested with a virus designed to send out spam and infect more computers at random. It might have been months or years since the first round hit and the email address of the satan who sent it is long gone (hopefully dead.)
Re:What's funny is... (Score:2)
Another thing that they do is they send you spam just to check if you have a valid email address. There are probably greater profits in the sale of email addresses than what they seem to be selling in the emails. Even if you don't respond to it, 1) they don't get an auto-response bounce back (therefore it's valid) 2) at times HTML emails contain images located on a server. This allows them to track if a message has been read and which message.
Re:What's funny is... (Score:5, Insightful)
This is exactly that, most HTML e-mail messages you get contain an image. A lot of those images are formatted in such a way like:
img src="http://www.spammersite.com/spampic.jpg?you@y
So the image displays, and they now have a list of e-mail addresses of people who looked at the message.
So now you don't even have to click anything, they know you are looking at the message just by your mail client opening the picture.
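A mail filter can spot the image beacon described in the comment above before the client fetches anything. The following is an added example, not code from the thread: it lists the remote images in an HTML body and reports whether the recipient's address is embedded in the URL. It goes beyond the plain-text case in the comment by also checking percent-encoded, base64 and MD5 forms; the function names, hosts and sample message are constructed.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit


class _ImgCollector(HTMLParser):
    """Collect the src of every <img> that would trigger a network fetch."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            src = (dict(attrs).get("src") or "").strip()
            # cid: and data: images are carried inside the message itself.
            if urlsplit(src).scheme in ("http", "https") or src.startswith("//"):
                self.sources.append(src)


def _encodings(recipient):
    # Only the lowercased address is tried; other casings are not covered.
    raw = recipient.lower().encode()
    return {
        "base64": {base64.b64encode(raw).decode().rstrip("="),
                   base64.urlsafe_b64encode(raw).decode().rstrip("=")},
        "md5": {hashlib.md5(raw).hexdigest()},
    }


def classify(url, recipient):
    """Say how (if at all) the recipient's address is embedded in the URL."""
    addr = recipient.lower()
    if addr in url.lower():
        return "plain"
    decoded = unquote(url)
    if addr in decoded.lower():
        return "percent-encoded"
    enc = _encodings(recipient)
    if any(tok in decoded for tok in enc["base64"]):
        return "base64"
    if any(tok in decoded.lower() for tok in enc["md5"]):
        return "md5"
    # Still a remote fetch: it reveals the open, the client IP and user agent,
    # and the path itself may be a per-message identifier.
    return "remote-only"


def find_remote_images(html, recipient):
    collector = _ImgCollector()
    collector.feed(html)
    collector.close()
    return [(src, classify(src, recipient)) for src in collector.sources]


# Constructed sample message body; hosts use reserved example names.
RECIPIENT = "alice@example.com"
_B64 = base64.urlsafe_b64encode(RECIPIENT.encode()).decode().rstrip("=")
SAMPLE_HTML = f"""
<html><body>
<p>Limited offer!</p>
<img src="http://spam.example/spampic.jpg?alice@example.com">
<img src="http://spam.example/p.gif?u=alice%40example.com" width=1 height=1>
<img src="https://spam.example/o/{_B64}/logo.png">
<img src="https://cdn.example/banner.png">
<img src="cid:logo123">
</body></html>
"""

if __name__ == "__main__":
    for src, kind in find_remote_images(SAMPLE_HTML, RECIPIENT):
        print(f"{kind:16} {src}")
```

Any non-empty result is a reason to keep remote content blocked for that message, since even a "remote-only" image confirms that something was opened.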
Re:What's funny is... (Score:3, Informative)
I got one spam that had code to cause a banner advertising hit for the spammer. I notified the banner ad company. I suspect the spammer was unhappy about the result.
Re:They ain't that stupid... (Score:2)
>GET
That's when you reverse-engineer the URL. If it's for bestiality or incest pr0n (yeah, we all know what Dallas-Ft. Worth spammer I'm talking about), you then punch in some URLs that "validate" some addresses at fbi.gov ;-)
Re:What's funny is... (Score:2)
So I changed email addresses and I set up the Mail.com email system to auto-respond with a message that said that it was an old email account and to check my website for the new one (thus not sending my email to Spammers
So trying to figure out why the hell would anyone send me a message from a fake address, I determined it was obvious if you read the email. They always include a link to some random website (.ru anyone?) and when you arrive, there's absolutely no contact info, but always a pitch for some product or service and a form to put your credit card info in. Fuckers. I HATE SPAMMERS.
From this experience I thought I'd really like to implement a sort of "thank you note validation" system on my mail server where every message that comes in would be responded to automatically with a "thank you note". Any response email that bounced would automatically mark the original message as spam. This of course would bring the Internet to its knees if everyone did this (here's a thank you note for your thank you note) and temporary mail server or router outages would also cause false-readings, but still...
My COMPLETELY INEXPERT opinion is this: We're all using SMTP - SIMPLE message transport protocol. It's now time for a NON-SIMPLE solution. The CMTP if you like (c for complex). If you want to send mail, you have to register your email address with an officially sanctioned registrar (yes, I know, it'd be like ICANN except worse) and then those messages would be digitally signed and your mail server could be set up with levels and filters. You could still receive unsolicited mail, but if it was from a known corporate entity, you could accurately filter it out.
I remember when I set up my first SMTP server and email system and found out that you can basically lie in all the to and from fields and IT DOESN'T MATTER, I thought, that's sort of weird. Now I realize it's completely broken, not weird.
My thoughts...
-Russ
most effective (Score:5, Insightful)
Did you receive a spam directing you to a website? Good. Surf there. Reload. Reload a few hundred times. 800 number? Call it and complain. When they hang up on you, call back.
Multiply this by even a small fraction of the people the company sent spam to and swamp their lines and slashdot their servers. They won't be making any sales, and any earnings they do make won't come close to paying their bandwidth or phone bills.
Re:most effective (Score:2)
www.overture.com [overture.com] (formerly GoTo.com) is a search engine where advertisers pay for clickthroughs, and each search result shows you how much your click costs that advertiser (more $ == higher search ranking).
Search for "bulk email".
Click through the first 10 or so.
Multiply by the Slashdot Effect.
Smile.
(I am not associated with overture.com, nor is this an endorsement of their services. But anything that bleeds money from spammers is good IMHO).
Yep, make them pay (Score:2, Informative)
You can usually make the top 10 spammers on this list [overture.com] pay between $1 and $10 by clicking their link.
Re:most effective (Score:2)
day in the life of a spammer... (Score:2, Insightful)
Two spam stories in a day! (Score:4, Funny)
Another article about stopping spambots (Score:4, Informative)
I posted an article that deals with stopping spambots [slashdot.org] with common apache tools last week in the apache section [slashdot.org] of slashdot. hopefully some can find use of it here as well :)
here's the link directly to the article as well:
Stopping Spambots II - The Admin Strikes Back [evolt.org]
On a Related Note... (Score:3, Informative)
Definitely worth a read.
Re:On a Related Note... (Score:3, Interesting)
I have a script (source at http://squirrel.mine.nu/Infinospam_cgi.txt) which generated an infinite sequence of pages full of what look like email addresses.
I put a link to it in most pages, with the link the same colour as the background.
I'd post a link to the author's site, if I remembered where I got it from...
Receiving unwanted spam == Violation of privacy (Score:3, Interesting)
I don't even dare to say it: Maybe more lawyers should be retained by ppl getting unwanted spam. [There, I actually said it: MORE lawyers might be the solution of a problem shared by the /. community. That will probably get me a lifelong ban ;) ]
German courts have ruled that sending UCE to a private e-mail address is a violation of that person's sphere of privacy. Theoretically the recipient can collect any damages - even immaterial ones. Some decisions are reported here [cauce.org].
make people pay for email! (Score:2, Interesting)
Let's make it $0.01 per email, which will cost near nothing to the average email user, but for the lousy spammer who sends out 10,000 emails, this will set him back $100.
People will only change their behavior if it hits them right in the pocket, as soon as they carry out that unwanted behavior. Why should email be free for people to abuse?
Re:make people pay for email! (Score:2)
The only thing your suggestion would do, is increase the cost of complaining to the originating ISP's about spam sent by their customers.
Re:make people pay for email! (Score:2)
I think it would pretty simply eliminate the open relay servers flooding the world with unwanted email -- if they don't pay for what they send, then their emails are rejected.
Email is surprisingly similar to real mail. We want to receive something, but not get flooded with useless junk. It's a security risk. It's a nuisance. Let's apply models that have worked -- pay for email. Why not?
Move it up a level? (Score:3, Interesting)
Question: If this idea is viable, why don't ISPs implement it, too? For example, if AOL used this technique on a few of its dial-up (or cable) IP addresses, they could potentially make quite an impact. Further, they could apply this technique across each of their address blocks. They could also rotate through the address block the particular addresses which act as the honeypot.
Now imagine that AT&T, Earthlink, MSN, and other ISPs implemented this, too, that should put a HUGE DENT in spamming.
Granted, this would chew up bandwidth on their network, but delivering spam chews it up, too.
Please, if there are mistakes in this, don't mod me down but instead point out what ISPs COULD DO to make this work. Thanks!
Works on the clueless ones, I suppose (Score:2)
Want to stop span? (Score:5, Interesting)
After senator what's his face gets spammed by 10000+ p04n addresses a day for weeks on end he might take notice.
Re:Want to stop span? (Score:2, Insightful)
The page had a clearly stated no-spam accepted policy, and that the spam would be reported to the authorities; and in the wording of the policy, he had the email addresses (both semi-private work and public function) for legislators and gov. offices that deal with spam. [with of course abuse@[localhost] ]
This way if someone was using a harvester to get email addresses, they would end up possibly sending to the legislators that did not think spam was a problem.. [ in 1997]
So it was not JUST a honeypot. It did have a function of informing.
Re:Want to stop span? (Score:2, Insightful)
Of course if some unscrupulous person were to set up some fake email addresses in hotmail,yahoo etc etc.. and set them up to forward anything sent to the addresses to the senators email the results might be interesting. especially after using the fake email addresses in a few select newsgroups.
Anyone ever... (Score:5, Interesting)
Cratered or overloaded dropboxes (Score:3, Insightful)
a) Spammer sent spam, checked for replies for awhile, then abandoned that dropbox for a fresh one. By the time I replied to his spam, he was no longer checking on that box.
b) Spammer sent spam, and because everything under the sun was in tune, someone with a clue was reading abuse@ and nuked his dropbox.
c) Spammer sent spam, got mailbombed with thousands of junk letters and didn't bother to clean the dropbox out. Both Hotmail and Yahoo - from my experience, anyway - will spool new messages for you even when you exceed your storage quota. Those messages won't show in your inbox until you delete some of the existing drek, but they don't bounce either; we could be sending order inquiries to a "full" dropbox that's never cleared.
Of course, we can always dream about
d) Spammer sent spam, was visited by a few guys with baseball bats, and was rendered physically unable to reply to our solicitations!
Shaun
It's for the Children! (Score:4, Funny)
1) Have your 14-year-old kid set up an email account somewhere.
2) Help him/her write an innocent letter to your representative complaining about the inappropriate spam s/he is receiving.
3) Watch them trip over themselves to Save The Children =P
Re:It's for the Children! (Score:3, Interesting)
We switched his account to the first.last format, and he immediately started receiving lots of spam - including porn - meant for the previous user. My wife was horrified, and wouldn't let him check e-mail until she screened it first. Once we moved entirely off of @home, the problem went away ... for now.
Re:It's for the Children! (Score:2, Insightful)
You know why? It's entirely likely that spam would become 'legal', except pornographic spam. The second this whole thing started, the DMA will leap in about all the evil pornographers, the newspapers and 'parent groups' would have a field day about 'smut', and we'd end up worse off than we are now, because, while we'd stop getting porno spams, we'd end up getting more of other kinds, because they're magically 'legit'.
OTOH, it's already illegal to distribute pornographic materials to children, so if you want to have spammers who do it locked up, you have pretty good grounds to do so.
ISPs need to do more... (Score:2, Interesting)
This doesn't have to be your problem. (Score:2)
If they don't want to live with the possibility of not getting their invitation to the family reunion, well, fine, they can live with the spam. If they're willing to risk losing that invitation in order to kill the corresponding 50 spams that they would receive with it, great, they can turn on the solution for themselves and then they have no right to complain if some legitimate email gets lost because, well, YOU WARNED THEM.
Re:ISPs need to do more... (Score:2)
Basically, this doesn't block the delivery of any message to the end-user but gives the end user the option of filtering out spam if they desire. However, this puts the burden on the ISP to actually do such filtering, and unless one has a mail client with CPU cycles to spare, that might be hard to do. However, given what the average person knows on email filtering, this might not seem unreasonable for an ISP to implement to keep & gain customers. Of course, a key part of this is that there needs to be agreements on what format to take such that users that swap ISPs don't have to reconfigure their clients to use a different filtering system.
Re:ISPs need to do more... (Score:3, Interesting)
Re:ISPs need to do more... (Score:2)
Hmmm (Score:4, Insightful)
So now the spammers have a lot of worthless addresses. Well let's think about that for a minute. Spam is built around a theory that next-to-no-one will reply anyway, so that doesn't matter much. Spammers also rarely pay for their own bandwidth, choosing instead to spoof unsecure machines to do their dirty work. So in the long run, you only end up giving them more worthless addresses that create more wasted bandwidth, neither of which really harms the people you are attempting to target.
Re:Hmmm (Score:2)
"So now the spammers have a lot of worthless addresses."
I believe the point is/was to trick the spammers into wasting their time sending out emails to a server that they believed would relay them, but in fact was not.
This concept is a separate tactic from hosting pages filled with bogus addresses intended to "poison" the spammers' lists.
I don't care as long as I don't get the mails (Score:2)
The solution is not legislative! (Score:3, Insightful)
Standard crypto would serve us much better than any new law (set of laws) and the possible abusive applications of said law(s). We would surely end up with all sorts of lawful and awful unintended consequences as a result of anything that is generated by any government.
~Sean
SpamAssassin! (Score:5, Informative)
It uses a weighted score that derives its values from a variety of sources including Razor and various Black Hole Lists.
The type of heuristics are along the lines of:
SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (12.24 hits, 5 required)
SPAM: Hit! (1 point) From: contains numbers mixed in with letters
SPAM: Hit! (1.2 points) From: does not include a real name
SPAM: Hit! (1 point) 'Message-Id' was added by a relay (2)
SPAM: Hit! (1 point) Subject contains lots of white space
SPAM: Hit! (1 point) BODY: List removal information
SPAM: Hit! (1.56 points) Contains phrases frequently found in spam
SPAM: [score: 26, hits: accept credit, credit cards,]
SPAM: [fill out, for your, more information, our]
SPAM: [company, phone number, receive further, remove]
SPAM: [the, reply this, subject line, thank you, the]
SPAM: [subject, this email, wish receive, word remove,]
SPAM: [you for, you like, you wish, your]
SPAM: [email]
SPAM: Hit! (1 point) spam-phrase score is over 20
SPAM: Hit! (1 point) Received via a relay in inputs.orbz.org
SPAM: [RBL check: found 14.54.162.63.inputs.orbz.org.]
SPAM: Hit! (2 points) Received via a relay in relays.osirusoft.com
SPAM: [RBL check: found 6.223.155.212.relays.osirusoft.com., type: 127.0.0.9]
SPAM: Hit! (1.48 points) Subject contains a unique ID number
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------
Re:SpamAssassin! (Score:2)
Just for laughs, here's the record SpamAssassin [taint.org] score in one of my spams:
Now I've turned spam into something of a game. I have procmail rules tell me when a new record has come in so I can laugh at how cliché the message is. It's fun. Really.
The sad thing is that spammers are most likely already using these rules to try and author messages that will sneak in "under the radar" so to speak. I wouldn't be surprised if I start getting messages in pig-latin one day.
-AP
I set one up (Score:2)
You'd be surprised what they get up to... (Score:2, Interesting)
someone@REMOVETHISdomain.com
me@SPAMOFFhost
NOSPAMme@isp.net etc.
Suffice to say we did not tender for the work. What worried me was the fact that they were willing to pay good money (around 5,000 sterling) to extract maybe 250,000 email addresses, this goes to show there must be a good incentive to do all this spamming.
Spam filtering -- dictionary based effort? (Score:3, Interesting)
I've been actually collecting Spam for an idea that I have -- Spam can be identified by the subject matter based upon the vocabulary. This weekend I hacked out a script that goes through a spam mbox and builds an index of words and two-word phrases.
I ran it against my main inbox and it generated an entirely different vocabulary than the one generated by my spam mailbox. This leads me to believe that a new mail message could be judged by subject alone to see if it contained a lot of spam vocabulary, and if it did its words could get added to the dictionary.
The virtue of this is that it's self-learning -- the more you get, the better it gets at finding them since the spam vocabulary gets even better defined.
Of course, I haven't worked out the scheme for matching new mail against the dictionary yet (either in a logical sense or an implementation sense), so it may prove much harder than it seems -- but the fact that Spam is spottable in the subject by me just reading it vs normal mail shows me that the vocabulary is significant.
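One possible matching scheme for the dictionary idea in the post above, added here as an illustration and not the poster's script: each word and two-word phrase in a subject contributes a smoothed log-likelihood ratio between the spam index and the inbox index. The sample subjects, the function names and the threshold of 1.0 are assumptions made for this example.

```python
import math
import re
from collections import Counter

# Constructed sample subjects standing in for the two mailboxes (not real mail).
SPAM_SUBJECTS = ["Accept credit cards online today", "Lose weight fast, free trial offer",
                 "Free offer: accept credit cards now", "Refinance today and lose your debt fast"]
HAM_SUBJECTS = ["Meeting notes from today", "Patch for the sendmail relay config",
                "Re: family reunion next month", "Lunch today?"]

def features(subject):
    """Lower-cased words plus adjacent two-word phrases, as the post describes."""
    words = re.findall(r"[a-z0-9']+", subject.lower())
    return words + [f"{a} {b}" for a, b in zip(words, words[1:])]

def build_index(subjects):
    """Count every word and phrase seen in one mailbox."""
    index = Counter()
    for s in subjects:
        index.update(features(s))
    return index

def score(subject, spam_idx, ham_idx):
    """Sum of smoothed log-likelihood ratios: above 0 leans spam, below 0 leans ham."""
    spam_total, ham_total = sum(spam_idx.values()), sum(ham_idx.values())
    vocab = len(set(spam_idx) | set(ham_idx))
    total = 0.0
    for f in features(subject):
        # Add-one smoothing keeps unseen words from producing log(0).
        p_spam = (spam_idx[f] + 1) / (spam_total + vocab)
        p_ham = (ham_idx[f] + 1) / (ham_total + vocab)
        total += math.log(p_spam / p_ham)
    return total

def classify_and_learn(subject, spam_idx, ham_idx, threshold=1.0):
    """Flag a subject; if flagged, add its vocabulary to the spam index (assumed policy)."""
    s = score(subject, spam_idx, ham_idx)
    if s > threshold:
        spam_idx.update(features(subject))
    return s > threshold, s
```

Because flagged subjects feed the spam index, a false positive teaches the filter its own mistake; a threshold above zero and a periodic review of what was learned limit that drift.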
Spam Assassin - without a doubt the BEST (Score:3, Informative)
We had previously tried a number of anti-spam solutions, including combinations of RBL, ORBS, locally-maintained blacklists and lots of Sendmail hacks.
We had very little luck until November, when we implemented Spam Assassin [spamassassin.org] on all of our mailboxes. After turning on Spam Assassin, the SPAM seemed to just go away. In the first day alone, we caught over 300 pieces of SPAM with ZERO false-positives with less than 10 pieces of junk making it through to the end user's mailbox. The program is, simply put, amazing.
Its multi-faceted approach works very well. It uses a combination of simple logical string checking, in addition to things like distributed databases like RBL and Razor.
The program can also place SPAMs in a dedicated mailbox file so you can see what got rejected. Each piece of rejected mail contains a report that includes the reasons that contributed to the rejection. Each reason has a weighted value that contributes to the final "good" or "bad" disposition. All of this is highly customizable, but it does work very well out of the box without any tinkering.
I highly recommend this program. Take the time to sit down and install it on your mail server.
Re:Fight Spam (Score:5, Informative)
UCE = Unsolicited Commercial E-Mail
FTC = Federal Trade Commission
If you send it to someone like your congressman, YOU are spamming. If you do it often enough, I'm sure they will have a word or two with your ISP.
If someone sends you a letter filled with anthrax, forwarding it to the president will not make things better...
Re:Fight Spam (Score:4, Informative)
On another front, the FTC set up a special electronic mailbox reserved for UCE in order to assess, first hand, emerging trends and developments in UCE. With the assistance of Internet service providers, privacy advocates, and other law enforcers, staff publicized the Commission's UCE mailbox, "uce@ftc.gov," and invited consumers to forward their UCE to it. The UCE mailbox has received more than 2,010,000 forwarded messages to date, including 3,000 to 4,000 new pieces of UCE every day. Staff enters each UCE message into the database; UCE received and entered in the database within the preceding 6 months is searchable. Periodically, staff analyzes the data, identifies trends, and uses its findings to target law enforcement and consumer and business education efforts.
Re:Web Applications that Require Confirmation (Score:2, Interesting)
spam-real@you.com
spam-ebay@you.com
spam-amaz
spam-nytimes@you.com
&c.
If, for example, spam-amazon@you.com starts getting spammed two days after you created it, and you only gave this address when you signed up for Amazon, guess who sold or was sloppy with your address?
I do similar but it can be even more effective. (Score:2)
Spam's gone from my box and anyone else using Razor is also protected.
Here are some resources (Score:3, Informative)
Try going to SPEWS [spews.org] and searching on the IP addresses of any SMTP relays used in the mail. If you find a hit, view the evidence file. It will usually contain information about the sender of the spam, their ISP, and related domains.
Subscribe to news.admin.net-abuse.email via your news provider of choice, or search the archives at groups.google.com. If you type in some particulars about the spam - for example the domain being advertised, or maybe the email address listed on the whois for that domain - Google will usually bring up some pertinent matches from NANAE. When it's a new spam run, or a new spammer, remember that Google's archive is usually at least 12 hours behind.
If you don't find anything, or even if you do find something and you're in a sharing mood, post the spam you get to news.admin.net-abuse.sightings and if you've done any research into the spammer, include it at the top of your post.
Shaun
Re:Checksums are fine and dandy until.. (Score:2)
The checksum routines can pick parts of a message to checksum, they don't have to do the whole thing, say the 5th and 25th lines of the message so the spammer will have to generate changes all over the whole file.
The modified spam will end up in the checksum database just like the original spam. The end users will be just as protected.
The checksum database is transient, the checksums age and are removed.
What the spammer actually has to do is clean up his mailing lists and remove the poison addresses. Otherwise every time he hits one, the rest of his mail run is wasted, but this means hard work and checking harvested addresses individually. And they have to continue checking them as they harvest them.
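A simplified sketch of the scheme described in the comment above, added here as an illustration; it is not the Distributed Checksum Clearinghouse's actual algorithm. It hashes only selected lines of a message, counts reports per checksum, and ages entries out. The line choices, threshold, lifetime and sample message are assumptions made for this example.

```python
import hashlib

def partial_checksums(body, line_numbers=(2, 4)):
    """Hash only selected non-blank lines, normalised for case and spacing."""
    lines = [" ".join(ln.lower().split()) for ln in body.splitlines() if ln.strip()]
    return {
        hashlib.sha256(lines[n - 1].encode()).hexdigest()
        for n in line_numbers if n <= len(lines)
    }

class ChecksumDB:
    """Counts reports per checksum and forgets checksums not seen recently."""
    def __init__(self, bulk_threshold=3, max_age=3600):
        self.bulk_threshold = bulk_threshold
        self.max_age = max_age          # seconds an entry survives without a new report
        self.entries = {}               # checksum -> [report_count, last_seen]

    def expire(self, now):
        self.entries = {c: e for c, e in self.entries.items()
                        if now - e[1] <= self.max_age}

    def report(self, body, now):
        """Record one sighting, e.g. a delivery to a honeypot address."""
        self.expire(now)
        for c in partial_checksums(body):
            entry = self.entries.setdefault(c, [0, now])
            entry[0] += 1
            entry[1] = now

    def is_bulk(self, body, now):
        """True if any selected line of this message has been reported often enough."""
        self.expire(now)
        return any(self.entries.get(c, [0])[0] >= self.bulk_threshold
                   for c in partial_checksums(body))

# Constructed sample: one template whose greeting and trailing reference vary per copy.
TEMPLATE = ("{greeting}\nAccept credit cards on your site today\n\n"
            "No setup fees\nCall now for more information\nRef: {ref}\n")

def variant(greeting, ref):
    return TEMPLATE.format(greeting=greeting, ref=ref)
```

A copy with a new greeting and reference number still matches on both selected lines, and a copy with one selected line reworded still matches on the other; once `max_age` passes without a new report the entry is gone.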