
Christmas Spam Level Skyrocketing

Posted by timothy
from the bring-back-the-stockade-please dept.
dbolger writes: "ZDNet has this brief, but interesting article about how the amount of spam we receive in our inboxes has increased 650% since this time last year. Nice to know that that anti-spam legislation passed a while back is having an effect (not)." For PINE users, just remember the magic spell: "m s r f a."
This discussion has been archived. No new comments can be posted.

  • right.... (Score:3, Redundant)

    by dr_labrat (15478) <spooner@nOSPAm.gmail.com> on Monday December 10, 2001 @04:37AM (#2681130) Homepage
    How does this compare against the overall growth of the internet, though?

    The growth in the number of people connecting to the net should be much higher....
    • Re:right.... (Score:2, Interesting)

      by MLC2012 (467954)
      It's a simple equation...

      The cheaper PC parts get, the more new users.
      The more new net users (AOLers?), the more spam.

      I recall reading something on news.admin.net-abuse.email a while ago about a company that provided webhosting to businesses, and something like 95% of their new customers spammed. I'd imagine that rate could be applied to new members of online services a la AOL, Prodigy, et al, and probably half that rate for new net users connecting via actual ISPs.
    • Re:right.... (Score:2, Insightful)

      by DCowern (182668)

      I seriously doubt the internet has 6.5 times the number of users it had a year ago. In fact, the UCLA report mentioned on Slashdot yesterday [slashdot.org] shows that internet usage by Americans grew by 66.9%.

      Assuming the rest of the world's internet growth mirrors that of the U.S. (which I assure you it hasn't), the amount of spam being sent is growing 10x faster than the number of new users coming online.

      • by MS (18681) on Monday December 10, 2001 @05:31AM (#2681257)
        The rest of the world (= non-us) accounts for about 67% of all internet users, and is growing more rapidly, as there is more room for new users. The US is reaching saturation.

        Despite more than 2/3 of the Internet-users being non-us-citizens, 90% of all spam originates in the US. This is most likely due to permissive legislature in the US. In Italy for example collecting (e-mail)addresses and other personal data is illegal, unless you have written permission from the user, or you have a business relationship (Italian law #675/96, aka privacy law).

        IMHO, stopping the increasing number of spam-mails is only possible with legislature forcing opt-in methods for advertisers and huge fines for those who don't conform.

        Ciao,
        ms

        • IMHO, stopping the increasing number of spam-mails is only possible with legislature forcing opt-in methods for advertisers and huge fines for those who don't conform.
          Why clutter the books with yet another unenforceable law -- which will probably be so badly written that it illegalizes sending email to your mom -- when there are highly satisfactory technical responses? A good junk-mail filter (down to and including a hand-rolled .procmailrc) is perfectly adequate spam control.
          • Why clutter the books with yet another unenforceable law -- which will probably be so badly written that it illegalizes sending email to your mom -- when there are highly satisfactory technical responses? A good junk-mail filter (down to and including a hand-rolled .procmailrc) is perfectly adequate spam control.

            You've answered your own question. The number of people competent to hand-roll a procmailrc, let alone install all the other needed anti-spam tools, is a tiny fraction of the total number of email users. And maintaining all of that anti-spam infrastructure to keep up with the latest spammer tricks.

            This is a classic arms race, and it's one that the spammers will likely keep winning. Why? Because they care a lot more. A bunch of spam is a time-wasting minor annoyance to you, but their livelihood to them.

            Legislation that allows recipients to sue spammers is perfectly enforceable. And even if the legislation only provided criminal penalties, it would still be valuable. For example, the folks from Paetec could have quickly booted the spammers off their network, rather than getting caught up in a multi-year legal battle [paetec.net].
        • Information obtained from the internet is deemed public information, so people are allowed to collect it in the US. However, you can sue for illegal solicitation if someone e-mails you without consent or a business relationship in the US - the greater of $5000 or the product or service advertised is the standard penalty.

          It's just really difficult to enforce.

          And you saying we're too permissive? What, do you kill spammers in Italy?
  • Yahoo Spam filters (Score:5, Informative)

    by LS (57954) on Monday December 10, 2001 @04:44AM (#2681159) Homepage
    I use a yahoo address for my email, and have it forward to my local server's mailbox. Yahoo adds a header "X-Rocket-Spam" to mail tagged as spam, and I use procmail to filter these out. While their spam detection still works pretty well, ever since the economy went to shits their filtering has progressively gotten worse. I suspect that they are letting certain spam slip for a fee. It used to catch everything, but now I get at least 10 messages a day getting through.

    LS
    • by PigleT (28894) on Monday December 10, 2001 @04:59AM (#2681194) Homepage
      You could look into _spamassassin_(.taint.org) and _razor_(.sourceforge.net) as well, btw.
      I'm now using those, finding spams semi-heuristically and reporting SHA1 hashes to razor servers, with much happiness.
    • I filter my Yahoo mail based on the header X-YahooFilterdBulk. It catches about 90% of the spam. I've gone from 20+ spams a day to a couple a week.
    • Ironically enough, I cut down my spam by about 70% by sending everything with "@yahoo.com" in the headers to my spam directory. Not one false positive to date.

      -Legion

    • despammed (Score:2, Interesting)

      by IanO (21302)
      I use despammed.com [despammed.com] and I have found their filters to be quite effective in preventing spam. Anytime I sign up for a site that account gets used and if I later trust them I may switch to one of my unblocked accounts.
  • no r... (Score:2, Informative)

    by Lish (95509)
    Too bad my Pine 3.95 (the version on our university system) doesn't have an "r" command in setup. It apparently lets you set up "rules" for filtering, according to the Pine FAQ [washington.edu].
  • by Artifice_Eternity (306661) on Monday December 10, 2001 @04:46AM (#2681162) Homepage
    I was laid off from a marketing/"branding"/ad firm in July, b/c they just weren't getting the web development business they once had. Banner ad rates have plummeted, and we are being assaulted by ever-more-maddening varieties of web ads (huge banners, popunders, clickthroughs, and now "shoshkeles"!?). Sites feel they have to give advertisers more for their money, simply in order to bring in the same revenue as during the dot-com boom.

    When will this madness stop? Users may flee sites that harass them too strongly. Then again, the general level of advertising in our environment has been slowly but steadily increasing for decades. I doubt this trend will stop anytime soon.
    • Just wait till the day we have satellites in the sky blinking obnoxious ads at us as we try to look at the stars.
      • >Just wait till the day we have satellites in the sky blinking
        >obnoxious ads at us as we try to look at the stars.


        *shrug*


        just don't learn morse code, and you'll be fine . . .


        ;)
        hawk

      • Just wait till the day we have satellites in the sky blinking obnoxious ads at us as we try to look at the stars.

        Remember the Heinlein story, I think it was "The Man Who Sold the Moon", where the guy got funding for a moon mission by working with soft drink companies about putting great big product logos on the surface of the moon.

        shudder...

  • by vandan (151516) on Monday December 10, 2001 @04:54AM (#2681180) Homepage
    Get your own back from SPAMMERS! Click the link and follow through to each of the SPAMMER's advertisements you wish to 'pay back' for their fine services. The cost to the SPAMMERS per click is displayed next to each advertisement. Only one click per day per person per advertisement is counted... http://www.overture.com/d/search/?type=home&Keywor ds=bulk+email [overture.com]
    • by Anonymous Coward
      And here's my spamhurt.php file.

      <?php
      error_reporting(E_ALL);
      set_time_limit(0);

      $agents = array("Mozilla/4.75 [en] (X11; U; Linux 2.2.16 i686)",
      "Mozilla/4.74 [en] (X11; U; Linux 2.2.10 i686)",
      "Mozilla/4.72 [en] (X11; U; Linux 2.2.12 i686)",
      "Mozilla/4.73 [en] (X11; U; Linux 2.2.14 i686)",
      "Mozilla/4.77 [en] (X11; U; Linux 2.4.3 i686)",
      "Mozilla/5.0 (X11; U; Linux 2.2.16 i686; en-US; 0.7) Gecko/20010105",
      "Mozilla/5.0 (X11; U; Linux 2.2.14 i686; en-US; 0.7) Gecko/20010105",
      "Mozilla/5.0 (X11; U; Linux 2.4.3 i686; en-US; 0.6) Gecko/20001206",
      "Mozilla/4.51 [en] (WinNT; U)",
      "Mozilla/4.72 [en] (WinNT; U)",
      "Mozilla/4.74 [en] (WinNT; U)",
      "Mozilla/4.08 [en] (WinNT; U)",
      "Mozilla/5.0 (Windows; U; Win95; en-US; rv:0.8.1+) Gecko/20010426");

      srand((double)microtime() * 1000000);
      shuffle($agents);
      $agentCount = sizeof($agents) - 1;

      function HTTPGet($url)
      {
      global $agents, $agentCount;
      if(!($fp = fsockopen("www.overture.com", 80))) return FALSE;
      fwrite($fp, "GET $url HTTP/1.0\r\nHost: www.overture.com\r\nUser-Agent: " . $agents[mt_rand(0, $agentCount)] . "\r\n\r\n");
      $html = fread($fp, 100000);
      fclose($fp);
      return $html;
      }

      mt_srand((double)microtime() * 1000000);
      preg_match_all("/<a href=(.*xargs.* ?)>/U", HTTPGet("/d/search/?Keywords=bulk+email"), $urls);
      preg_match_all("/<a href=(.*xargs.* ?)>/U", HTTPGet("/d/search/?Keywords=bulk+mail"), $urls2);
      $urls = array_merge($urls[1], $urls2[1]);
      shuffle($urls);
      $linkCount = sizeof($urls) - 1;

      while(TRUE)
      {
      $html = HTTPGet($urls[mt_rand(0, $linkCount)]);
      if(strstr($html, "HTTP/1.1 302")) echo preg_replace("/^.*Location: http:\\/\\/(.*?\\r\\n).*$/s", "\\1", $html);
      }
      ?>
    • What makes you think it's per click? You fools! It's a one time fee!
  • Spam or junk? (Score:5, Insightful)

    by spamkabuki (458468) on Monday December 10, 2001 @04:57AM (#2681189) Homepage
    Looked at the headline and thought "Hmmm, I haven't gotten that much more spam...". Spam seems to be a bit of a misnomer here. Sure, there is some increase in holiday advertising and such, but spam (i.e. unsolicited e-mail) isn't what they are really complaining about here.

    In the body of the article, they describe how jokes, animations, and greeting cards are clogging the system. Well, duh! Ask the USPS. They get clogged with lots of this stuff at this time of year; they're called Christmas cards.

    This isn't really spam per se. It generally comes from people you know, even if you only hear from them once a year. Somehow the mailman and my mailbox cope with the onslaught every year. If your corporate infrastructure can't handle it, well what will you do if there is a legitimate boost in business traffic?

    I guess these people will just crack the whip on corporate use policies again. Fat lot of good that seems to do.

    All this trumpeting about %650 increased spam is an alarmist waste. (Not that I really want any more of the tons of weight-loss pills; credit fixing programs; appeals from Nigerian humanitarian organizations looking for my bank account number, promising free money for my help.)
    • appeals from Nigerian humanitarian organizations looking for my bank account number, promising free money for my help

      You get those emails from humanitarian organizations? I always get those emails from some relative of a deceased dictator or general.

      Maybe these emails are more targeted than we think...
    • In the body of the article, they describe how jokes, animations, and greeting cards are clogging the system.

      Jebuz, tell me about it. My birthday is this week and my mother has taken it upon herself to send me about ten of these greeting cards a day. I am of course, an ungrateful little bastard and all but I just can't friggin stand this. I appreciate the thought but it is really helping to drop the signal to noise ratio in my inbox.

      I must find a way to stop this without hurting her feelings or adding her to my killfile. Anybody got some DDOS bots I can borrow?

  • Pine has rule-based filters to block out SPAM. However the Help page recommends you to do the filtering between SPAM arrived at your mailbox. But not everyone has that kind of control over how all their mail is stored or organised. And also you need to know what kind of rules are best for blocking SPAM, eg checking the To: and Subject: fields, what regexp to use, etc.

    Here is a suggestion: As a Xmas gift to your fellow /.ers, post your most successful spam filter rules here (All mail clients welcome).

    Ho HO HOLD (the SPAM)!
    • I find a very effective spam filter is to simply filter out any e-mail that doesn't have your address in the TO: or CC: fields. It's very rare to see a spam that's correctly addressed in this way.

      Of course, you'll have to create exception rules for any mailing lists you're on, but it works really well.

      • I find a very effective spam filter is to simply filter out any e-mail that doesn't have your address in the TO: or CC: fields. It's very rare to see a spam that's correctly addressed in this way.

        I use this "algorithm," and in general, it's a good one. But it's getting worse. I'm getting more and more junk email that does have my address in the To: header. The spammers are starting to figure out that this is a commonly-used filter, methinks.

  • Speaking of SPAM (Score:2, Interesting)

    by kawaichan (527006)
    I don't get all that much Spam from my email, but I am getting tons of spam from ICQ lately.

    At least there are programs to block spam from your mail box, you can't do that on ICQ. Seems like they generate a new ICQ for each message so you can't ban them all.
    • by kylegordon (159137)
      Yes, but under the preferences options you can deselect the option of allowing others to see when you are online. This allows your friends to see you online, but stops your ICQ homepage from displaying a status image.

      It works for me anyway.
    • Re:Speaking of SPAM (Score:2, Informative)

      by mosschops (413617)
      Fortunately you can block the ICQ spam...

      Under the Security and Privacy entry on the main ICQ menu, there's an option to only accept messages from people on your contact list. To be sure, also tell it not to accept e-mail express or pager messages, as they're generally abused too.

      The newer ICQ 2001b gives finer grained control over this, so you can accept regular messages but ignore URLs, etc.

      With the rise in ICQIS bot usage for ICQ spam, setting these is almost a must now :-(
    • It's funny how ICQ made all these features such as WWPager and EmailExpress which are designed to make you available to people without ICQ.. then when they start getting abused by spammers, ICQ will even tell you not to accept these services. They should either support these services (which means actively preventing spam, not just telling you to filter them) or discontinue them..
  • Whenever I see that icon I always think of a piggy bank so I think the topic has something to do with money.

    For a topic icon for spam, can't you have a mailbox stuffed with mail?
  • Really? (Score:4, Interesting)

    by Ogerman (136333) on Monday December 10, 2001 @05:07AM (#2681219)
    That's funny. I receive at most one or two SPAMs per month. (The handful that slip through onto the Debian mailing lists don't really count.) Maybe people are just becoming more stupid in how they give out their addresses. Oh yeah.. and then there are HTML tags that 'phone home,' supported by many popular [microsoft.com] mail clients. Of course, we can all thank MS for Hotmail: an endless supply of throw-away mail accounts.

    For those who care to reduce spam and other online (and offline) annoyances, see Junkbusters [junkbusters.com] web site, also home to the free (GPL) filtering proxy by the same name.
  • by WyldOne (29955) on Monday December 10, 2001 @05:20AM (#2681236) Homepage
    I wrote one in TCL recently - still alpha testing it. Pre-screens e-mail in my pop3 account _before_ I d/l it with fetchmail. Mostly based on a heuristic approach. EG spam rules:
    • If more than 50% of characters in subject are upper case = shouting.
    • If the Subject has a random number or nonsense string at the end.
    • If e-mail has no 'from', 'to' or 'subject' line
    • If e-mail is not addressed to me
    • Certain percentage of spam words (make, money,loan,etc)
    • Certain spam phrases
    • luzer list


    Exceptions:
    list of trusted sites/people.
    Things specifically sent just to me.

    It was amazing just what it did filter - I went from 10 spams a day to 1 a week. (mostly due to timing issue of spam pre-filter to fetchmail d/l)
    It whacked almost 300+ spams from my 'public' e-mail account in one go. (I also have it log the from/Subject - just in case)
    • What's the best way to determine whether there's a random number or nonsense string at the end? I can see sending a string of characters through ispell, but numbers would seem to be another matter.

      I have pretty good success with looking for nine or more continuous spaces, by the way.
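
Added example (not code from any poster in this thread): a Python sketch of the rule-scoring filter described in the comment above, with one possible answer to the reply's question about spotting a trailing random string. The addresses, word list, weights and threshold are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# All values below are assumptions chosen for this example.
MY_ADDRESSES = {"me@example.org"}
TRUSTED_SENDERS = {"friend@example.net"}   # the "trusted sites/people" exception
SPAM_WORDS = {"make", "money", "loan", "free", "credit"}
THRESHOLD = 5.0

def shouting(subject):
    """Rule: more than 50% of the letters in the subject are upper case."""
    letters = [c for c in subject if c.isalpha()]
    return bool(letters) and sum(c.isupper() for c in letters) / len(letters) > 0.5

def trailing_junk(subject):
    """Rule: subject ends in a tracking id, or pads one with a run of spaces."""
    if re.search(r" {9,}", subject):       # the reply's "nine or more spaces" rule
        return True
    tokens = subject.split()
    if len(tokens) < 2:
        return False
    last = tokens[-1].strip("[](){}#-")
    if re.fullmatch(r"\d{5,}", last):      # long bare number
        return True
    if len(last) >= 5 and last.isalnum():
        has_digit = any(c.isdigit() for c in last)
        has_alpha = any(c.isalpha() for c in last)
        if has_digit and has_alpha:        # letter/digit mix such as xk7q29
            return True
        if not has_digit and not re.search(r"[aeiouy]", last, re.I):
            return True                    # no vowels: cheap stand-in for ispell
    return False

def score(raw):
    """Return (total, reasons). Each rule that fires adds its weight."""
    msg = message_from_string(raw)
    senders = {a.lower() for _, a in getaddresses(msg.get_all("From", []))}
    # From: is forgeable, so a trusted list only helps against lazy spam.
    if senders & TRUSTED_SENDERS:
        return 0.0, ["trusted sender"]
    hits = []
    for header in ("From", "To", "Subject"):
        if msg[header] is None:
            hits.append((3.0, "missing " + header))
    rcpts = {a.lower() for _, a in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if not rcpts & MY_ADDRESSES:
        hits.append((2.5, "not addressed to me"))
    subject = msg["Subject"] or ""
    if shouting(subject):
        hits.append((2.0, "shouting subject"))
    if trailing_junk(subject):
        hits.append((2.0, "junk at end of subject"))
    body = "" if msg.is_multipart() else msg.get_payload()
    words = re.findall(r"[a-z']+", (subject + " " + body).lower())
    if words and sum(w in SPAM_WORDS for w in words) / len(words) > 0.1:
        hits.append((2.0, "spam word ratio"))
    return sum((w for w, _ in hits), 0.0), [r for _, r in hits]

def is_spam(raw):
    return score(raw)[0] >= THRESHOLD

# Constructed sample messages.
SPAM_BLIND = """\
From: offers@bulk.example
To: undisclosed-recipients:;
Subject: MAKE MONEY FAST WITH A LOAN          xk7q29

Make money now. Free credit, free loan, make money.
"""
SPAM_ADDRESSED = """\
From: deals@bulk.example
To: me@example.org
Subject: FREE CREDIT REPORT 8839201

Free money. Make money with a free loan.
"""
HAM = """\
From: colleague@example.com
To: me@example.org
Subject: Minutes from Monday's meeting

Attached are the minutes. Let me know if anything is missing.
"""
TRUSTED = """\
From: friend@example.net
To: me@example.org
Subject: LOOK AT THIS 1234567

free money
"""

if __name__ == "__main__":
    for name in ("SPAM_BLIND", "SPAM_ADDRESSED", "HAM", "TRUSTED"):
        print(name, *score(globals()[name]))
```

SPAM_ADDRESSED carries the reader's own address in To:, so the single To:/Cc: rule discussed earlier in the thread would pass it, while the combined score still crosses the threshold.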
  • by Hougaard (163563) on Monday December 10, 2001 @05:21AM (#2681240) Homepage Journal
    The only thing I hate more than the professional spam are emails from "friends" (non-geeks) that need to inform me of that latest virus, chainmail or that there is a new update that I should download. People are simply CC'ing their entire address-book whenever they receive something that looks interesting, and thereby creating spam :-(

    And don't get me started on stupid christmas chain mails !!
  • MandrakeSecure (Score:3, Interesting)

    by Mandrias (5341) on Monday December 10, 2001 @05:38AM (#2681270) Journal
    Mandrake Linux has recently opened a new site called MandrakeSecure which is focused on securing a mandrake box.

    A recent article [mandrakesecure.net] posted on MandrakeForum [mandrakeforum.com] talks about ways to handle SPAM using postfix and qmail. Maybe this can be useful to the larger slashdot crowd?
  • mailfilter (Score:2, Informative)

    by havana9 (101033)
    mailfilter [sourceforge.net] is a nice antispam tool useful for all of us who can connect only up to 31200 bps with a v.90. Before downloading mail it checks the headers against a certain number of regular expressions, making a good job to find spam-like messages.
    Then deletes them on the pop3 server before downloading the actual body.

  • by ukryule (186826) <slashdot AT yule DOT org> on Monday December 10, 2001 @05:45AM (#2681284) Homepage
    This "news" report comes straight from a press release [surfcontrol.com].

    So, a company selling email filtering software say that email filtering is ever so important? What they actually said was:
    "Our database of holiday-related email messages and attachments has grown 650 percent since last Christmas,"
    But their job is to build up a database of junk, so it's not really surprising - it's just saying that their database is up to date (or that their database was very out-of-date last year).
  • I get SPam, but it says something like,
    "This is not Spam, I'm emailing to let you know that for only 4.99$..."
  • by cyrilc (126593) on Monday December 10, 2001 @06:07AM (#2681343)

    I've just tried SpamAssassin [taint.org] this WE and it works great :

    • highly configurable Spam Scoring Filter according to predefined rules (each set of rules adds some pts as it matches, and it is "declared" spam when the result is higher than a specified value)
    • can rely on RBLs
    • is able to report spam to Vipul's Razor [sourceforge.net] (distributed, collaborative, spam detection and filtering network)
    • personal black and white lists
    • can be tuned for particular filtering (changing scores etc.)
    • can be used for a whole [taint.org] domain/network

    ...the best thing is that you don't have to perpetually update black lists of well-known spammers
    it is just based on content detection of spams (subject in CAPITALS; lots of exclamation marks, spammer X-Mailer etc.)

    and it really works well

  • by ab315 (443209) on Monday December 10, 2001 @06:23AM (#2681376)
    I don't need statistics to tell me that the level of spam is going up, the number of messages I get from hot-n-horny teenage vixens wanting me to look at their webcam tells me that. And this is to a unique business email address which is used on my business web-page only and has never been posted to usenet.

    What surprises me is how the major players who stand to benefit from universal internet use have ignored the threat of spam to the internet as a whole.

    To the ordinary user receiving a daily mailbox of sexually-explicit advertising is a major turn-off. I know several ordinary people who just stopped using email because of this sort of thing, and just use their cellphones to make calls and leave voicemail instead. No telephone company would survive for a second if its voicemail customers got bombarded by the same sort of sexually-explicit advertising that internet users get by email.

    Spam filtering is not a viable solution for average non-technical users. The industry needs to clean up its act or it will suffer major consequences.

    If the present trends continue it would not surprise me if email actually drops out of mainstream existence and is only used by a geek subculture, being replaced by other messaging solutions that provide a safe environment.

    • by Halo1 (136547) <jonas DOT maebe AT elis DOT ugent DOT be> on Monday December 10, 2001 @07:04AM (#2681457) Homepage
      Yeah, just read this: http://www.clifto.com/8345.html [clifto.com]. This guy calculates, using publicly available numbers about the amount of businesses in the USA, that even if only 1% of all *US* companies sends you only 1 message a month, you end up with 8345 ads *PER DAY* in your mail box.

      So even if they'd send you only one per year, you'd still get on average about 695 ads per day. So people, instead of JHD (Just Hit Delete), please try to find the time to figure out where the spam was sent from and where the spamvertized sites are hosted and report the spammers or things may become very ugly...

      Jonas

    • by Charles Dodgeson (248492) <jeffrey@goldmark.org> on Monday December 10, 2001 @08:56AM (#2681752) Homepage Journal
      ab315 says
      Spam filtering is not a viable solution for average non-technical users
      Spam filtering is actually a bad idea. Spam filtering actually makes life easier for the spammers. I have a short note [goldmark.org] discussing this. Among other things, it says
      Attempting content filtering to detect and junk incoming spam is counter productive. Filtering like that only makes things easier for spammers. The spammer's ideal email list would include every email address on the planet with the exception of those who are inclined to take action against spam. The spammer doesn't mind the vast majority of people who "just hit delete". If automatic filtering means that those inclined to complain about the spam don't see the spam, then filtering actually helps the spammer.

      I wonder if the increase in the use of filters is related to the increase in spam.

      • The spammer's ideal email list would include every email address on the planet with the exception of those who are inclined to take action against spam. The spammer doesn't mind the vast majority of people who "just hit delete". If automatic filtering means that those inclined to complain about the spam don't see the spam, then filtering actually helps the spammer.

        So set your filter to forward each spam to your congressman. B-) Say, with a nice form-letter about how this showed up in your inbox today and you'd really like the law against unsolicited faxes to be expanded to include spam, with only "opt-in" allowed.

        And re-tune it periodically as the congresscritters change their email addresses.
  • I already found the way to remove 90% of my spam. I just send mail from the following domains to a temp folder:

    aol.com
    excite.com (dead now, probably a good thing)
    hotmail.com
    lycos.com
    mail.com
    safe-mail.net
    yahoo.co.uk
    yahoo.com

    I have a special list of people that are explicitly allowed. I expect to see more filters like this in the future, especially for domains that are known offenders.
    • I'd venture to say the majority of mail you get from @aol.com never really originated from there (the spammers used a fake reply-to address). How do I know this? Because AOL has installed software similar to Slashdot's lameness filter that catches spammers and QUICKLY terminates their account. (AOL members can read about this at Keyword: Rate Limiting.) AOL used to have a really bad problem with child porn and warez, a quick visit into a few empty private rooms reveals this is no longer the case. If you exceed the preset number of outgoing e-mails in a given amount of time, *poof* your AOL account does a disappearing act right before your eyes.

      So WHY are you getting e-mails with a forged @aol.com reply-to? It's simple! Many spammers simply believe that AOLers are more trusting of familiar-looking e-mail addresses, so they want their spam to appear as if it came from another member of the service. Ironically, inter-service e-mail on AOL has NO @ address on it!

      Next time you see spam from @aol.com, check the originating server in the headers, you might be surprised.
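
Added example (not code from any poster in this thread): one way to automate the header check suggested above, comparing the From: domain with the host that actually connected to your own mail server. The name `mx.example.org`, the Postfix-style `from helo (rdns [ip]) by host` layout of the Received: line, and both sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

MY_MX = "mx.example.org"   # assumption: the server that accepts mail for you

# Postfix-style stamp: "from HELO (RDNS [IP]) by HOST ..."; other MTAs differ.
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[^\]]+)\]\)\s+"
    r"by\s+(?P<by>\S+)"
)

def handoff(raw):
    """Return the hop where the message entered MY_MX, or None.

    Received: lines are prepended, so the newest comes first. Every line
    below the one stamped by your own server was supplied by the sender
    and can be forged; stopping at the first MY_MX stamp ignores them.
    """
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):
        m = RECEIVED.search(value)
        if m and m.group("by").lower() == MY_MX:
            return m.groupdict()
    return None

def from_matches_origin(raw):
    """True/False if the From: domain matches the connecting host, None if unknown."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = handoff(raw)
    if hop is None or not domain:
        return None
    rdns = (hop["rdns"] or "").lower()
    return rdns == domain or rdns.endswith("." + domain)

# Constructed sample: From: claims webmail.example, but the host that
# connected to us is a dial-up address. The lower Received: line is the
# sender's own invention and is ignored.
FORGED = """\
Received: from mail.bulk.example (dsl-203-0-113-9.isp.example [203.0.113.9])
    by mx.example.org (Postfix) with SMTP id ABC123
    for <me@example.org>; Mon, 10 Dec 2001 05:00:00 +0000
Received: from webmail.example (out1.webmail.example [192.0.2.1])
    by mail.bulk.example with SMTP; Mon, 10 Dec 2001 04:59:00 +0000
From: someone@webmail.example
To: me@example.org
Subject: hello

body
"""

# Constructed sample: the same From: domain, delivered by that domain's host.
GENUINE = """\
Received: from out1.webmail.example (out1.webmail.example [198.51.100.7])
    by mx.example.org (Postfix) with ESMTP id DEF456
    for <me@example.org>; Mon, 10 Dec 2001 06:00:00 +0000
From: someone@webmail.example
To: me@example.org
Subject: hello

body
"""

if __name__ == "__main__":
    for name in ("FORGED", "GENUINE"):
        raw = globals()[name]
        print(name, handoff(raw)["ip"], from_matches_origin(raw))
```

A mismatch is a signal rather than proof, since mailing lists, forwarders and hosted mail legitimately deliver from hosts outside the From: domain.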
  • No, we don't have an open relay. We have everything properly configured and don't allow relaying. But some %'&$"#!-spammer decided that using michael@ourdomain.de in the "From:" line would be a good idea when sending out spam.

    I get several hundred emails per day, either automated replies that tell me that "your message to iojrf323@yahoo.com could not be delivered" or angry users that accuse us of spamming.

    I try to contact the admins of the abused systems and enter their servers into an open-relay list, but that hasn't slowed down the rate of incoming emails.

    Any ideas?
    • If you are in the US of A, there is legal precedent that such forging of From: headers is damaging to the forged domain. You might want to look at The flowers.com case [mids.org] for more info.

      Essentially they argued that they had to spend time dealing with complaints and calculated the cost of that lost time. They didn't even argue for damage to their reputation, which I think could have led to an even bigger penalty.
  • The Profit in Spam (Score:4, Interesting)

    by Anonymous Coward on Monday December 10, 2001 @07:08AM (#2681470)
    It doesn't help that companies like verio and level 3 are about to go under. Their anything for a buck last grasp is making them spam friendly. I recently busted a site on verio http://128.242.238.85/ that was operating openly as a spam source. Verio didn't care.

    I emailed 100 verio customers in that net block to explain to them how they would be blackholed and what that meant. They took down the site.

    You can set up the very software spammers use to poach email addresses from sites in the same net block.

    I fight fire with extreme fire. The only spammers I go after since you can rile people up on it, porn spammers, they don't care if they are sending to a kid or an adult, most of them even have pedophile or zoophile crap. Grab a name from the isp, any name. Contact them on the phone and tell them of the spam and give them 24 hours to have the site removed. If not, you are going to call everyone with their last name in the city the isp is located and let them know they are all for helping pedophiles etc. Does your mom know you send porn to minors?

    It is very effective. Use infoseek or similar service, look for business by the ISP. Call the deli downstairs, the church in the neighborhood, then let the person at the ISP know who you talked to.

    I am not posting my name since spammers have put me on their lists, they post my name as a spammer in newsgroups. They suck.

    I have a job where filtering mail could mean not getting a client's mail, so it is not an option.

    If everyone just took one piece of spam, traced it to the source or the host. Attacked that host, with legal threats. Do not make anything up, do not lie. When you call their biggest advertiser to explain how they support pedophiles, be clear, it is because they refuse to take action against pedophiles hosted on their site. That they allow one of their customers to send unsolicited porn to minors. Be very clear. And be very clear your group is about to announce who is helping these scums, since their company is an advertiser or client of the isp, you are going to list them. Don't like it? get another isp or get the isp to stop.

    Shame is a great motivator. Use it. If we do not stand up to this crap, we are going to see legislation coming in, they are going to be heavy handed, they are going to snoop. Take back your box.

    Do more than report a spammer today, those days are over. Attack, threaten and shame a host today.

  • Spam Study (Score:2, Informative)

    by MadMorf (118601)
    I worked as a Postmaster at a Federal Gov't agency a couple of years ago.

    While I was there we did several things to try and determine what kinds of messages were entering our system.

    One of the things we did was to queue all incoming messages for a short period so we could have a chance to look at them.

    What we determined was that over 95% of all the messages we received that were larger than 1 Meg were CRAP of some sort, and definitely NOT business related.

    We also tracked the number of messages per day going through the system for several months and found that just before Thanksgiving our numbers would triple and stay that way until Valentines Day...
  • Hey you, Jim Peterson!!! Do you like Christmas!!! Then check out our barely legal Ho Ho Hoes!!!!

    Also play our new game: Find the bad-girl coal!!!
  • Ever since Bigfoot.com started tanking, they were selling email addresses to SPAMmers. 99% of my SPAM comes to that address, which used to be my primary. Now almost anything going there goes to the bitbucket. 90% of the email I send on a daily basis consists of "user unknown" bounce messages generated via my filters (love that feature in kmail).
  • What, pray tell, is the anti-spam legislation that has been passed in the US?

    Spamlaws.com [spamlaws.com] still succinctly leaves the state of current federal spam legislation at 3 words: Enacted legislation: None

  • by resistant (221968) on Monday December 10, 2001 @08:34AM (#2681681) Homepage Journal

    I send you this coal in your stocking in order to have your grimace. No thanks, bye.

  • by AYeomans (322504) <ajv@yeomans[ ]g.uk ['.or' in gap]> on Monday December 10, 2001 @08:38AM (#2681689)
    My Yahoo mailbox has just filled with bounce messages, as a spammer forged my email address as From: and Reply-to:. I only saw a few hundred bounces before the inbox filled.

    At least I got a copy of the original message, so could trace the sender's IP address and their obfuscated web site address.

    I dropped a note to abuse@ISP, who seems to have removed the spammer's web site now. Otherwise I might have asked the Slashdot community to test the spammer's offer (:-)

    But what to do about reputational damage? Or going onto known spammer lists?
  • Ever since AT&T switched all of us from @Home to their new network, I haven't gotten a single spam, whereas I used to get over 20 a day.

    I'm enjoying it while it lasts.

  • Hotmail vs Yahoo (Score:2, Insightful)

    by MadMorf (118601)
    I have both a Hotmail account and a Yahoo account.

    The Hotmail account averages 10 to 20 pieces of Spam per day.

    The Yahoo account averages 2 Spams per day.

    The funny thing is I don't use the Hotmail account address for anything, I use the Yahoo account for virtually everything.

    So. My theory is that Hotmail/MSN allows/encourages spammers to fill their users' mailboxes with crap!
    There are 2 possible reasons:
    1 - Hotmail/MSN actually sells their user lists to spammers.
    2 - Hotmail/MSN drives up revenues by selling larger mailboxes to people who get more Spam.
    • by danheskett (178529)
      You miss the most obvious:

      Hotmail has a large user base. Go try to register "dan". It won't go of course (too short, but before they instituted that, it is already taken).

      So Hotmail will generate you an email address based on your name - dan6761, dan6762, dan6763, etc.

      It's now not very hard to generate a good list of addresses. Create a list of the 100 most common first names and cycle through various numbers up to 10,000. Now create a list of the 100 most common last names. Cycle through with a first initial (a-z) at the beginning and at the end. Now do the same thing with 1 to 10,000 appended to the end of that.

      In short, with a nice little perl script you can generate millions of addresses that might be valid. Send off one message to each, record the messages that bounce - take those off the list. Now just keep adding new ways to generate random names.

      In short order, I'd say less than 1 week, a decent programmer/spammer could generate a list of 10 million valid Hotmail addresses.

      It would cost them nothing - well maybe a cheap throwaway dial-up account. But out of 10 million messages, they just need 1 or 2 suckers to justify that $12.95 paid to JoeSmoeISP.

  • by SCHecklerX (229973) <thecaptain@captaincodo.net> on Monday December 10, 2001 @10:03AM (#2681970) Homepage
    Here's how I did it:
    1. Run my own mail server
    2. Disable expn (especially if you run mailing lists as aliases for somebody!!!) and vrfy.
    3. Make an alias for every service that requires a mail address
    4. Write procmail filters that only allow mail to the above aliases if they are from the service you signed up for. If they spam you themselves, just remove the alias (I get a lot of third party spam from slashdot, believe it or not)
    5. Forward mail from the account on my ISP to my real mail server
    6. Delete everything that was forwarded by my ISP unless it came from the ISP themselves, or from the dyndns service (who obviously need a server other than your own to contact you through)
    7. Filter other specific spams as needed in .procmailrc (stuff with no from address, stuff with no '@' in the address unless it came from your own domain, etc)

    I hadn't been forwarding my ISP mail to my account for awhile. I was AMAZED at the amount of crap that came into it when I decided to check it the other day! SHEESH! 60+ mails a day on that account, ALL SPAM. MOSTLY PORNO. This on an account that I have NEVER used, let alone advertised! Of course the lack of security of the ISP probably didn't help (default web pages as the user's account id, for example)!

  • by bigbennie (174887) on Monday December 10, 2001 @10:18AM (#2682013)

    The reason a lot of geeks receive SPAM is the same reason I do ... registration of a domain. A live email address on a domain registrar is an excuse to have every cheap SPAM cannon leveled at you.

    Also, folks seem a bit confused. THERE IS NO NATIONAL SPAM LEGISLATION. It never passed. Not at all. The reason a lot of spammers want to say they are in compliance with opt-out legislation is that it legitimizes their existence. Let's not forget that SPAM is STEALING. You pay for the junk mail that shows up.

    Check it out here... [spamcon.org]

    • THERE IS NO NATIONAL SPAM LEGISLATION.

      After over a month of the same spammer spamming me from prserv.net in Austin, TX, I went to look that up, and you're right.

      It appears that the mysterious 's1618' (passed by the 105th senate) that spammers sometimes claim (usually falsely, I find) to be in accordance with, got through the senate 3 years ago, and promptly fell into a House of Representatives committee black hole...

      It wouldn't be TOO bad as far as legislation on such matters can go. It appears that it IS 'opt-out', but at least it requires the REAL email, phone, and physical address of the spamming company AND (if different) of the person doing the actual sending of the spam, so at least you can find out who they really are if they are really in compliance...

      How much do you want to bet it'll rot and die in the HoR committee, like a bug in a 'roach motel', though....

  • by ltm (542708) on Monday December 10, 2001 @10:32AM (#2682085)
    About a month ago, I started reporting my spam to Spamcop.net [spamcop.net] .. you sign up for a free account, and every spam you get, you post to their website. (Additionally, there's a utility out there called Spam Deputy that will auto-post selected spams to your Spamcop account from Outlook.)

    Spamcop takes the headers and fires off Abuse messages to every domain it finds in the trace of the spam.

    The results? Well, I check my email and my wife's, and we used to get roughly identical spams .. After using SpamCop for maybe 2 weeks, my spam count dropped off the map, while her email still gets hit. I'd say I've gone from 20 spam/day to 1 spam/day.

    It's kinda spooky. Don't know why it worked for me.

    • SpamCop [spamcop.net] is a useful tool, both from a user's and from a system administrator's point of view.

      Having used SpamCop from both sides (I work for a national ISP), I can't recommend it enough. The admin gets all of the pertinent information in a single mail, and the user can get feedback as to whether the issue has already been solved.

      Julian (the guy who runs the service) is particularly helpful, and open to suggestions.

    • I've been a Spamcop customer for years, and it filters all the E-mail from three domains for me. Until recently, it worked really well, because it used a challenge/response system - any new source of E-mail got a message back asking them to click on a URL in the message to confirm that they'd sent it.

      Recently, SpamCop has switched to a "heuristic filter", which is only about 50% effective. It's not a very good filter; it's passed messages from viruses through, and today I got the classic "Nigerian spam". I've been asking the SpamCop people to put the challenge/response system back. If all they can do is a 50% effective filter, I could just as well use one of the Procmail-based solutions.

  • It just seems like if every state had laws against spam it would end.

    I'm not talking about spam from valid companies, I'm talking about the spam with forged headers and invalid return email addresses.

    I know that usually the less government involvement the better, but why not let the government put a stop to this for us?
    • Ummm..

      Exactly how do you propose that this law would be enforced? Just because government says "stop" doesn't mean that SPAM will instantly stop.

      Also, because of the nature of electronic communications, it would almost certainly be taken to the Federal level - any communication that crosses state boundaries would instantly become Federally regulated.
      • The government simply puts a fine on any company that forges headers. $500/email.

        You receive an email with forged headers and you send it off to some complaint department. They can then do a reverse lookup on the fax number or 1800 number or the owner of a website.

        Federally regulated is fine with me. It will probably speed up the process.

        I'm just tired of using spamcop and sending complaints to abuse@*domain*.com and not getting any results. When you try to call the big guys up they simply tell you to email them.

        Smaller companies will usually take care of the problems immediately.

        Going after the spam sender is usually a useless effort anyway, going after the end product that the spam is trying to sell is not.

        How can I address congress and make a proposal to end put something into effect? I've been working with my Missouri State Rep. Carl Bearden for Missouri laws, but we need laws everywhere to make it stop.

        It really is costing us money. My company is forced to pay for a full T1 instead of a burstable because of the massive amounts of spam that comes through overnight.
  • Something most forget (Score:4, Informative)

    by macdaddy (38372) on Monday December 10, 2001 @11:34AM (#2682411) Homepage Journal
    I'm reading the previous comments and there's something I notice that's disturbing. Most are quick to say how they hate spam and how spam will kill the Internet. Many are even providing information on how to filter spam. But no one has said anything about reporting spam. If there is something going on that you're so adamantly against, why don't you LART [pacbell.net] it? Doing your own personal filtering or simply ignoring the spam (UCE or UBE) only benefits yourself and only in the short term I might add. If you take a little time to LART messages, you'll not only help get A) spammers booted from their provider, b) spam sites get shut down, and c) companies that use a spammer's services to find a better way to advertise, you'll assist in decreasing your and everyone else's future spam. Examine the headers. Learn the signs of an open relay. Check for and report open relays. LART the abuse and postmaster addresses of the owner of the IP, the provider for that netblock, the owners (and sometimes providers) of the spamertised sites in the spam, CC uce@ftc.gov, and CC NANAS (news.admin.net-abuse.sightings) so that there is a record of spam for others to confirm that they aren't the only ones getting a particular spam. Also include the FDA on spams that say things about prescription drugs without a prescription or other FDA-related topics. Also include the US Secret Service on Nigerian Money scams. The SEC also accepts reports of stock market scams. There is a plethora of things you should do with the spam you receive. Doing nothing with it is the real crime. I strongly recommend you become a member of news.admin.net-abuse.email and follow the discussions there. There are many spam FAQs floating around. Do your part to help others fight spam.

    I filter spam based off of numerous DNS blacklists. I also have an extensive list of spamming domains and spam supporting providers that I blacklist. Last week I rejected 95,837 pieces of mail from just one of my servers that I deemed to be spam. If people didn't report that spam to the maintainers of the DNS blacklists, I would have to rely on my own access lists to reject spam. This collaborative effort really works.

    • I also forgot to take the bounces to the LARTs you sent to abuse@ and postmaster@ those domains and report them to rfc-ignorant.org [rfc-ignorant.org]. Abuse and postmaster accounts are required to be RFC-compliant. Reporting bounces to those addresses doesn't necessarily benefit the anti-spam fight directly but it does help some administrators when they try to contact those non-RFC-compliant sites. FYI
    • If the operators of the DNS blacklists would operate them properly, maybe more people would use them, and submit spam reports to them. These things include:

      • Have a place to submit spam incidents, such as a web form. Then process them to look for patterns.
      • Provide separate zones for blocking sources of spam, and blocking web sites and ISPs where spammers might be hosting a web page. Not everyone wants to block the latter; I only want to block the source of spam.

      Some anti-spammers are on a crusade to maximize collateral damage. I am not. I won't block a whole ISP because of a spammer unless that ISP is making it difficult to isolate and focus on the spammer. If they corner the spammer operation to a specific static subnet, I'll gladly block that, and I'd want to use a DNS blacklist that is equally focused. Likewise, if they set up reverse DNS to identify their dynamic customer pool addresses in its own zone, I can block that to prevent the direct spam and some of the home open relays.

      Most people hate spam and don't want it coming in. But not everyone is wanting to come out swinging at everything in sight as a result of that. Some of the anti-spammers are on the wrong crusade and not very many people will follow them.

      • "Have a place to submit spam incidents, such as a web form. Then process them to look for patterns."

        Have you ever tried to run more than a handful of LARTS through a web form? It's a nightmare. I have 1200 pieces of Broadwing.net spam that I need to LART tonight. I don't know how I'd LART all of them via a web form.

        Patterns aren't something that the average Joe would pick up on anyhow. Few people noticed that recently more and more spam uses a spoofed From: in the form of BSUser@yourowndomain.tld. If they do want to look for patterns, they could easily view thousands of spam reports in news.admin.net-abuse.sightings. Numerous people post their spam to it.

        "Provide separate zones for blocking sources of spam, and blocking web sites and ISPs where spammers might be hosting a web page. Not everyone wants to block the latter; I only want to block the source of spam."

        Many DNS blacklist authors do just this. MAPS [mail-abuse.org] is a good example. You have the DUL which lists dial-up IPs only. The RSS [mail-abuse.org] which lists known && abused open relays. The RBL [mail-abuse.org] contains ISPs that are known to harbor spammers or at least be neutral to their abuse and ignore abuse complaints. The RBL+ [mail-abuse.org] is a combination of those 3. All 4 of those are their own zones. SPEWS [spews.org] lists /24's from which spam originates. Occasionally they'll even list a whole provider that harbors spammers or spamware sites, repeatedly lies to people that mail abuse@, or are known to bit bucket abuse complaints. relays.osirusoft.com [osirusoft.com] hosts many lists. Individual queries can be made for any of the lists it hosts or you can transfer them all at once in a big zone file. relays.visi.com [visi.com] is the home of the RSL [visi.com]. It only lists open relays that have been abused, like the RSS and relays.osirusoft.com's base DNSbl. blackholes.2mbit.com [2mbit.com] is the home of the SBL [2mbit.com] (Summit Block List), not to be confused with the SBL [spamhaus.org] (Spamhaus Block List) which is hosted by osirusoft. The Summit Block List contains abused open relays and hosts that have been directly involved in spamming. The Spamhaus Block List contains "known spammers, spam gangs, or spam support services" and is "by the same team that maintains the ROKSO [spamhaus.org] database", a list of those spammers.

        "Some anti-spammers are on a crusade to maximize collateral damage. I am not. I won't block a whole ISP because of a spammer unless that ISP is making it difficult to isolate and focus on the spammer."

        In a small way I agree. I used to feel like you do now. I was very leery about blocking an entire ISP just because of the possibility of losing legit mail. I quickly came to realize that blocking just a small piece of that ISP that's known to spam wasn't solving the problem. They'd just move elsewhere within that ISP.

        "If they corner the spammer operation to a specific static subnet, I'll gladly block that, and I'd want to use a DNS blacklist that is equally focused."

        This doesn't accomplish anything in the long term and little in the short term. Sure you block some spam from a spammer for a couple of weeks but they'll quickly figure that out and move to another block. If the ISP facilitates their move then they are supporting spammers. It's an all or nothing deal. You can't have your cake and eat it too.

        Personally I block entire ISPs myself, in my personal access lists that are independent of group maintained DNS blacklists, that are known to harbor spammers and ignore complaints. A perfect example of this is Broadwing.net. I have blacklisted every IP they have registered to them. That includes 3 /14's, a /24, and a /28. That's a lot of IPs. I have never seen anything but spam come directly from them. They harbor Alan Ralsky [spamhaus.org] and many other well known spammers. They ignore spam complaints. They simply don't care. Whenever I LART their spam, I also LART their upstreams because I believe someone there will eventually notice. I know that no one at Broadwing will.

        "Some of the anti-spammers are on the wrong crusade and not very many people will follow them."

        This I have to strongly disagree with. I've been involved in protecting my resources from spam for some time now and have implemented many steps to prevent as much spam from entering my system as possible. I reject just under 1400 known spamming domains. I also reject all mail from a number of providers that harbor spammers as well. I utilize all the lists hosted by Osirusoft, relays.visi.com, blackholes.2mbit.com, and I'm in the process of resubscribing to the RSS and DUL. I even do some filtering on message content which has been incredibly successful. Last week I rejected almost 96,000 pieces of spam on one of my servers. That's pretty darn good. Of the 2400 users on this particular server, I've only had complaints from 3. 3 of them couldn't receive mail from a particular person on the 'Net that was being filtered by me. 1 was on an osirusoft list. 1 was attempting to send mail through their mailing list that's run by cybercon.com (a known spam supporter) and mail to subscribers on our end was bouncing. The other was a customer of a customer of Broadwing's. After explaining to them that we couldn't selectively allow mail to just them from the affected host and that we'd have to allow all mail to them unfiltered, they decided to suffer from more spam than miss out on their friend's email. One has changed his mind though. The rest seem to love it. The best advice I can say to you is to keep an open mind about these lists and what they do for us. Not every list is meant for all situations. I personally don't want to use the RBL. In the beginning I was leery about SPEWS. The rest I like. Join news.admin.net-abuse.email and keep up with some of the conversations of the anti-spammers that reside there. A plethora of information and insight can be had with them (I'm there too). Good luck!
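The filtering order discussed in this sub-thread (local access lists first, then DNS blacklist zones), as an added example that is not any poster's code. The zone names are the ones named in the comment above; the CIDR blocks, addresses and stub resolver data are constructed, and the zone self-test (127.0.0.2 listed, 127.0.0.1 not) is an added guard against a zone that answers for everything.

```python
import ipaddress
import socket

ZONES = ["relays.osirusoft.com", "relays.visi.com", "blackholes.2mbit.com"]
# Constructed stand-ins for a personal access list (documentation ranges).
LOCAL_BLOCKS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.16/28")]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """192.0.2.99 in zone Z is looked up as 99.2.0.192.Z (octets reversed)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """A-record lookup; None means NXDOMAIN or lookup failure (not listed)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def make_stub(records):
    """Constructed offline resolver: maps query name -> answer address."""
    return lambda name: records.get(name)


def is_listed(ip, zone, resolve):
    answer = resolve(dnsbl_name(ip, zone))
    if answer is None:
        return False
    try:
        # A listing is an answer inside 127.0.0.0/8; anything else is noise.
        return ipaddress.IPv4Address(answer) in LISTED_RANGE
    except ValueError:
        return False


def zone_is_sane(zone, resolve):
    """RFC 5782 test entries: 127.0.0.2 must be listed, 127.0.0.1 must not.

    A dead or wildcarded zone that lists every address fails this test and
    is skipped, so it cannot reject all inbound mail.
    """
    return is_listed("127.0.0.2", zone, resolve) and not is_listed("127.0.0.1", zone, resolve)


def check_sender(ip, zones=ZONES, blocks=LOCAL_BLOCKS, resolve=system_resolver):
    """Return (action, reason) for a connecting IPv4 address."""
    addr = ipaddress.IPv4Address(ip)
    for net in blocks:  # local list needs no DNS, so it goes first
        if addr in net:
            return ("reject", f"local access list {net}")
    for zone in zones:
        if not zone_is_sane(zone, resolve):  # a real server would cache this
            continue
        if is_listed(ip, zone, resolve):
            return ("reject", f"listed in {zone}")
    return ("accept", "not listed")
```

Keeping one zone per purpose, as the comments above ask for, means `zones` can be narrowed to the lists whose policy the site actually agrees with.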

  • Hi, I'm thinking about creating a website, and writing the applications to support something like this. Would this be useful to you guys? I know the documentation is sketchy, let me know on any ideas.

    I want to develop a free site for people to login to that will basically allow them to completely eliminate, and trace the origin of spam. Here are the program specs, what do you think?

    Program Title:
    SpamRouter

    Program Description:
    A set of scripts to route mail to the correct destination address, as well as collect statistics
    on where the "spam" was sent to, which will provide a direct link to where the address was
    provided allowing us to track spammers efficiently, and accurately. Also allowing the user to deactivate the address provided, eliminating spam from that source.

    Author:
    Nick Hoover
    Systems Engineer
    720 Studios

    Copyright Information:
    This document and all of its accompanying scripts are (c) 2001 by 720 Studios
    No parts of this program may be redistributed for profit without explicit
    written consent of 720 Studios. You may modify this program as you wish, however
    no warranty is presented modified, or unmodified. Meaning, use at your own risk.

    Detailed Description:
    This will be discussed in a single user environment, in future versions however - multiuser
    environments will be present to allow the program to have a realistic use in the real world.

    SpamRouter will have three separate things going on. The key attachment to all of these
    scripts will be a flat file (for now, however that may be put into a mySql database eventually
    if the need is ever that high) database which will contain the following information:

    useremail - the destination email address, which will be in the future used for the user's login
    userpass - dummy for now, eventually an encrypted password for multiuser
    userid - a generated ID that will be part of the generated keys
    totalkeys - total number of keys (described below) generated

    This database will contain the primary information for our users. There will be a second
    set of databases, which will be generated for each user. These databases will contain
    the generated keys, and will have the following information per record:

    key - the generated key
    origin - the site and or party given the address (this is for tracking)
    date - date the key was generated
    totals - total number of times the key has been flagged (ie. sent an email)

    Each email that is sent to a key will be copied and put into a file named after its
    key then followed by its count (ie. the sixth email sent to key X240213sd would be
    X240213sd.5 [0-5]) that way we can track messages as well.

    Now that you have an entirely confusing description of the data we'll be storing, time to explain
    how this thing works.

    Here's the life of a SPAM message sent to an address covered by spam router:

    User is asked to provide their email address to a website for whatever purpose.
    User logs into spamrouter and generates a new key, and enters in the website's URL
    and other information so he or she can remember what they gave it for.
    User is given a key generated address.
    User gives that address to the website, and goes about their business.
    IF the website the user gave their address to is a spamming website, and tries
    to spam the email address provided, spamrouter becomes a knight in shining armor.

    Email is sent to key at spam router such as: x9237823sijd783@spamrouter.org, spam
    router receives the email, and copies it into a file for future reference, increments
    the count on that particular abusing website in its database, and sends it to the
    destination address (we're not trying to block spam [unless the user turns that
    key off], just trying to trace it to whom it really came from.) An email is sent to the
    destination address alerting them that the email was SPAM and sent from whatever
    website the user registered it with. This allows the user to have a real copy
    of the email, the information as to whom it came from - so that they can contact
    the company, or whomever, and rip them a new one and have absolute proof that it was
    from them, furthermore, the user can then turn off that key. Basically, no one will
    ever receive your REAL email address (unless you give it to them) which lets you decide
    who can contact you, and who can't. The problem with most "filters" is they filter who
    it's from, not who it's sent to.

    Kind of complicated, and maybe not really all that useful... but I created it for myself
    because I want to know WHO is using my address for spam, that way I can get these people
    to stop. Furthermore, once I've finished my business with a particular site, I can turn
    that key off, basically eliminating spam from that address.
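The per-service address scheme from the SpamRouter spec above, combined with the "only allow mail from the service you signed up for" rule in the earlier mail-server comment, as an added example that is not either poster's code. The domain `spamrouter.example`, the class and field names, and the sample message are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import parseaddr

ROUTER_DOMAIN = "spamrouter.example"  # assumption: placeholder mail domain

# Constructed sample: third-party mail arriving at an address given to one shop.
SAMPLE = (
    "From: Deals <promo@bulkmailer.example>\n"
    "To: undisclosed-recipients:;\n"
    "Subject: Holiday offer\n"
    "\n"
    "constructed sample body\n"
)


@dataclass
class KeyRecord:
    key: str
    origin: str            # who the address was handed to (for tracking)
    sender_domain: str     # domain that service is expected to mail from
    active: bool = True
    total: int = 0         # messages seen for this key
    copies: dict = field(default_factory=dict)  # "key.N" -> raw message


class Router:
    def __init__(self, destination, strict=False):
        self.destination = destination  # the real mailbox, never disclosed
        self.strict = strict            # True: drop mail not from the service
        self.keys = {}

    def new_address(self, origin, sender_domain):
        key = "x" + secrets.token_hex(8)  # random, so addresses cannot be guessed
        self.keys[key] = KeyRecord(key, origin, sender_domain.lower())
        return f"{key}@{ROUTER_DOMAIN}"

    def disable(self, address):
        self.keys[address.lower().partition("@")[0]].active = False

    def route(self, raw, rcpt_to):
        """Decide what to do with one message, keyed on the envelope recipient.

        The To: header is not used: bulk mail rarely names the real recipient.
        """
        local, _, domain = rcpt_to.lower().partition("@")
        rec = self.keys.get(local) if domain == ROUTER_DOMAIN else None
        if rec is None:
            return {"action": "reject", "reason": "unknown key"}

        copy_name = f"{rec.key}.{rec.total}"  # first message is key.0
        rec.copies[copy_name] = raw           # evidence copy, as in the spec
        rec.total += 1
        verdict = {"origin": rec.origin, "copy": copy_name}

        if not rec.active:
            return {**verdict, "action": "drop", "reason": "key disabled"}

        # From: is forgeable, so this is only a hint. The attribution that
        # holds up is the recipient key, which only `origin` was ever given.
        sender = parseaddr(message_from_string(raw).get("From", ""))[1].lower()
        sdom = sender.rpartition("@")[2]
        from_service = sdom == rec.sender_domain or sdom.endswith("." + rec.sender_domain)
        verdict["third_party"] = not from_service

        if self.strict and not from_service:
            return {**verdict, "action": "drop", "reason": "sender is not the service"}
        return {**verdict, "action": "forward", "to": self.destination}
```

With `strict=False` the message is still delivered and the verdict names the origin that leaked the address; `strict=True` gives the drop-unless-from-the-service behaviour of the procmail setup.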
    • Check out SpamCop [spamcop.net]

      This site does a fair bit of what you are suggesting, including e-mail forwarding, spam tracing, generated keys, the database stuff, and more. I would like to get some of the stuff he is doing via GPL'd software (some of it is, BTW), but he does a pretty good job, and even seems to annoy the flagrant spammers a bit.

      There is free spam reporting, including an anonymizer to inform the offending ISP that they are being used by spammers. They can reply to the blind e-mail forwarder, but they won't get your address directly.

      If you want to build a better mousetrap, (or spam trap, as it may be), this is a good resource to use as a benchmark (or talk you out of your project... but don't let that stop you.)
  • For PINE users [...]

    Both of them ;-).
  • Hell... (Score:3, Informative)

    by PlaysWithMatches (531546) on Monday December 10, 2001 @03:38PM (#2683769) Homepage
    It's gone up by 650% for me in the last month. I get about 20 spam messages an hour, ranging from breast enlargement ads (I'm a guy, btw), to fixing my credit (which is already perfect).

    Fortunately, there was an easy solution. I just added Pine filters for these words in the "from" address: deal, offer, bargain, save, money, and winner. That cut it down from ~20 an hour to maybe 3 random e-mails a day that slip through. :P

  • As a former @Home (now AT&T) broadband user, since my email address changed I am no longer receiving the 30+ daily spams I got with @Home. I had my former @Home address for over 5 years and early on I wasn't as careful as I should have been about protecting it. I now use multiple email addresses, where I use an alternate address for services or postings which have the potential to be picked up by spammers.

    I suspect that it's only a matter of time until my new email address becomes another toilet for the spammers to piss in.
  • What if every time you get spam from some source, especially a direct delivery from a dialup, DSL, or cable luser, you launch a background process like:

    ping -c 86400 ${spammeraddress} &

    Of course you're only trying to see when the spammer goes away, right? But if everyone does this ... just for 24 hours after receipt of spam, what do you think will happen?
