Could Fake Phishing Emails Help Fight Spam? 296
Glyn Moody writes "Apparently, the US Department of Justice has been sending out hoax emails to test the security awareness of its staff. How about applying a similar strategy to tackling spam among ordinary users? If fake spam messages offering all the usual benefits, and employing all the usual tricks, were sent out by national security agencies around the world, it would select precisely the people who tend to respond to spam. The agencies could then contact them from a suitably important-looking government address, warning about what could have happened. Some might become more cautious as a result, others will not. But again, it is precisely the latter who are more likely to respond to further fake spam messages in the future, allowing the process to be repeated as often as necessary. The system would be cheap to run — spam is very efficient — and could use the latest spam as templates."
actually, this works fairly well. (Score:5, Informative)
my school district did the same thing, and it works great.
It's the best form of targeted training. Only those who fall for shit like this get a lesson, and follow-up fake scams had a MUCH lower success rate.
Re:it's already in use... (Score:5, Informative)
And it's called more exactly honey-pots.
Actually, honey pots are more about collecting spammer addresses, not identifying their targets.
Re:Seriously? (Score:5, Informative)
It might, however, stop email faking and sending from the zombie box itself, which would give a better point of control (because at the moment anyone can send emails that purport to be from Yahoo.com from their own box, if it is set up right, but a protocol that could fail connections claiming to be Yahoo.com emails that don't come from an approved Yahoo.com server would reduce the problem).
Note there is already a system for doing this. It called the Sender Policy Framework [wikipedia.org] (SPF) and uses DNS records to tell mail servers which machines are allowed to send mail for your domain.
This is not a perfect system though because often there is a legitimate need to use a different e-mail domain address than where your mail came from (eg. forwarding, etc). For that reason it doesn't appear that many mail servers are configured to check SPF records.
At the very least it seems like they would be good for pre-tagging SPAM (ie. still deliver it but add something to the header that says it could be spam).
Re:Seriously? (Score:2, Informative)
Frankly, I doubt that any spammer sends out 12 million emails from 1 machine.
More likely he'll send out 1 "instruction" to some 'hub' that is then 'read' by 10000 hacked machines that will each send out 12M / 10k = (lots) of emails... Then again, I must agree, each and every spam-bot would get silenced too after a while (as would the owners of the p0wn3d machines, which might by tricky from a commercial point of view for the ISPs).
After a while, only the spam-king with the largest zombie army would be able to make money on it as he would be able to send out mails in a volume that's just below the threshold of getting tarpitted. This might result in more aggressive viruses / bot networks, not sure whether that would be good or bad... =/
Our ISP @ work (well, the one that provides the 'unimportant intarweb connection') had a filter installed that would count the number of emails coming through the SMTP server and once a certain threshold (mails / interval) was reached, the SMTP server would reply with 'You have been infected by a virus'. In fact the message was a bit harsh since in our case 100+ people behind a single IP address sent out quite a bit of 'personal' mail that was not routed via the companies mail server (Exchange), but directly out using the ISP's SMTP router; but it indeed helped us catch an infected laptop once that tried to send out gazillions of emails. So YAY for that system.
Not sure if they still do that, our mighty internal-IT-staff decided that port 25 shouldn't be open to the outside anyway. (Can't blame them off-course, our firewalls were pretty much swiss cheese before that day)
Re:Seriously? (Score:4, Informative)
I was going to make this comment in computer-ish terms. It's called "push content" versus "pull content". Mailing lists PUSH the content to the user. Web fora require the user to PULL the content.
PUSH is much better for important information. PULL is better for information that is not critical.
My cell provider has an email to SMS gateway (and did the same thing prior to such gateways being common.) They also have "internet access" I could pay for that allows me to access POP/IMAP mail servers and web sites. The former is PUSH, the latter is PULL. When my server is dying, I want PUSH data telling me that. If my house goes below freezing, I want PUSH data telling me that. When I want to discuss hobbies, I mostly want PULL so I control when I read the information. If I want to know the temps in my house (other than extremes) I want PULL so I can control how often I am told.
One reason you didn't mention is that, for Unix users, at least, it is absolutely trivial to set up an email alias ("mailing list") using nothing other than standard email tools, where a web forum requires running a web server and the forum tools. I do both -- I have aliases for meeting notices and I have a Drupal wiki for online discussions. The aliases were so much easier and take so much fewer resources.