
Christmas Spam Level Skyrocketing 286

dbolger writes: "ZDNet has this brief, but interesting article about how the amount of spam we receive in our inboxes has increased 650% since this time last year. Nice to know that that anti-spam legislation passed a while back is having an effect (not)." For PINE users, just remember the magic spell: "m s r f a."
This discussion has been archived. No new comments can be posted.

  • Re:msrfa? (Score:5, Informative)

    by KarmaPolice ( 212543 ) on Monday December 10, 2001 @05:41AM (#2681146) Homepage

    Main menu
    Setup
    Rules
    Filters
    Add

    But this doesn't work unless you know what to look for in spam...and none are alike
  • Yahoo Spam filters (Score:5, Informative)

    by LS ( 57954 ) on Monday December 10, 2001 @05:44AM (#2681159) Homepage
    I use a yahoo address for my email, and have it forward to my local server's mailbox. Yahoo adds a header "X-Rocket-Spam" to mail tagged as spam, and I use procmail to filter these out. While their spam detection still works pretty well, ever since the economy went to shits their filtering has progressively gotten worse. I suspect that they are letting certain spam slip for a fee. It used to catch everything, but now I get at least 10 messages a day getting through.

    LS
  • no r... (Score:2, Informative)

    by Lish ( 95509 ) on Monday December 10, 2001 @05:45AM (#2681161)
    Too bad my Pine 3.95 (the version on our university system) doesn't have an "r" command in setup. It apparently lets you set up "rules" for filtering, according to the Pine FAQ [washington.edu].
  • by PigleT ( 28894 ) on Monday December 10, 2001 @05:59AM (#2681194) Homepage
    You could look into _spamassassin_(.taint.org) and _razor_(.sourceforge.net) as well, btw.
    I'm now using those, finding spams semi-heuristically and reporting SHA1 hashes to razor servers, with much happiness.
  • by dbolger ( 161340 ) on Monday December 10, 2001 @06:14AM (#2681228) Homepage
    AFAIK the icon used to be a can of Hormel SPAM [slashdot.org], but the folks at Slashdot changed it when Hormel asked them politely. A nice change from the way [slashdot.org] some other [slashdot.org] groups have treated our favourite website.
  • mailfilter (Score:2, Informative)

    by havana9 ( 101033 ) on Monday December 10, 2001 @06:39AM (#2681272)
    mailfilter [sourceforge.net] is a nice antispam tool useful for all of us who can connect only up to 31200 bps with a v.90. Before downloading mail it checks the headers against a certain number of regular expressions, doing a good job of finding spam-like messages.
    Then it deletes them on the pop3 server before downloading the actual body.

  • Re:Speaking of SPAM (Score:1, Informative)

    by Anonymous Coward on Monday December 10, 2001 @06:41AM (#2681274)
    [x] Do not accept messages from users not on my contact list.

    Nearly all the clones support that, too.

  • Re:Speaking of SPAM (Score:2, Informative)

    by mosschops ( 413617 ) on Monday December 10, 2001 @06:44AM (#2681281)
    Fortunately you can block the ICQ spam...

    Under the Security and Privacy entry on the main ICQ menu, there's an option to only accept messages from people on your contact list. To be sure, also tell it not to accept e-mail express or pager messages, as they're generally abused too.

    The newer ICQ 2001b gives finer grained control over this, so you can accept regular messages but ignore URLs, etc.

    With the rise in ICQIS bot usage for ICQ spam, setting these is almost a must now :-(
  • by ukryule ( 186826 ) <slashdot&yule,org> on Monday December 10, 2001 @06:45AM (#2681284) Homepage
    This "news" report comes straight from a press release [surfcontrol.com].

    So, a company selling email filtering software say that email filtering is ever so important? What they actually said was:
    "Our database of holiday-related email messages and attachments has grown 650 percent since last Christmas,"
    But their job is to build up a database of junk, so it's not really surprising - it's just saying that their database is up to date (or that their database was very out-of-date last year).
  • by cyrilc ( 126593 ) on Monday December 10, 2001 @07:07AM (#2681343)

    I've just tried SpamAssassin [taint.org] this WE and it works great :

    • highly configurable Spam Scoring Filter according to predefined rules (each set of rules adds some pts as it matches, and it is "declared" spam when the result is higher than a specified value)
    • can rely on RBLs
    • is able to report spam to Vipul's Razor [sourceforge.net] (distributed, collaborative, spam detection and filtering network)
    • personal black and white lists
    • can be tuned for particular filtering (changing scores etc.)
    • can be used for a whole [taint.org] domain/network

    ...the best thing is that you don't have to perpetually update black lists of well-known spammers
    it is just based on content detection of spams (subject in CAPITALS; lots of exclamation marks, spammer X-Mailer etc.)

    and it really works well
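
The scoring model described in the comment above, as an added Python example that is not part of the original post and is not SpamAssassin's code: each matching rule adds points and the message is declared spam at a threshold. The rule names, weights, threshold and sample messages are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def subject_all_caps(msg):
    letters = [c for c in msg.get("Subject", "") if c.isalpha()]
    return len(letters) >= 8 and all(c.isupper() for c in letters)

def many_exclamations(msg):
    return msg.get("Subject", "").count("!") >= 3

def bulk_x_mailer(msg):
    # Assumed pattern for bulk-mail tools; real rule sets carry many such strings.
    return re.search(r"bulk|mass ?mail", msg.get("X-Mailer", ""), re.I) is not None

# (name, points, test): hypothetical names and weights, not SpamAssassin's own.
RULES = [
    ("SUBJ_ALL_CAPS", 2.0, subject_all_caps),
    ("SUBJ_EXCLAIM", 1.5, many_exclamations),
    ("BULK_X_MAILER", 3.0, bulk_x_mailer),
]
THRESHOLD = 5.0

def classify(raw, whitelist=(), blacklist=()):
    """Return (total, matched_rule_names, is_spam) for one raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    hits = [(name, pts) for name, pts, test in RULES if test(msg)]
    # Personal lists act as very heavy rules, so one threshold decides everything.
    if sender in whitelist:
        hits.append(("USER_WHITELIST", -100.0))
    if sender in blacklist:
        hits.append(("USER_BLACKLIST", 100.0))
    total = sum(pts for _, pts in hits)
    return total, [name for name, _ in hits], total >= THRESHOLD

# Constructed sample messages.
SPAM = ("From: deals@bulk.example\nSubject: MAKE MONEY FAST!!!\n"
        "X-Mailer: MassMail Pro 2.1\n\nBuy now\n")
HAM = ("From: alice@example.org\nSubject: Lunch on Friday?\n"
       "X-Mailer: Pine 4.33\n\nSee you there\n")

if __name__ == "__main__":
    for raw in (SPAM, HAM):
        print(classify(raw))
```

Returning the matched rule names alongside the total is what makes tuning possible: a false positive shows which rule's score to lower.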

  • Re:Really? (Score:3, Informative)

    by Electrum ( 94638 ) <david@acz.org> on Monday December 10, 2001 @07:26AM (#2681382) Homepage

    Oh yeah.. and then there are HTML tags that 'phone home,'

    Is that true? I always thought this was some sort of urban legend. I find it somewhat hard to believe.

    Sure, it's quite easy to do. Most images that load in HTML email are coming from a remote server. All you have to do is make the image come from a CGI, and tack the person's email address onto the image URL. The downside to this is that you have to send a custom email for each recipient, but half the time you do that anyway. It's a great way to see if the email is actually opened.
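
Seen from the receiving side, the tracking image described above can be spotted before a mail client renders the message. The following Python sketch is an added example, not part of the original comment; the sample HTML, host names and recipient address are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

class ImgCollector(HTMLParser):
    """Collect the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.sources.append(src)

def find_web_bugs(html, recipient):
    """Return (url, reason) pairs for images that trigger a remote fetch."""
    collector = ImgCollector()
    collector.feed(html)
    rcpt = recipient.lower()
    findings = []
    for src in collector.sources:
        parts = urlsplit(src)
        if parts.scheme.lower() not in ("http", "https"):
            continue  # cid:/data: images travel inside the message; nothing is fetched
        if rcpt in unquote(src).lower():
            reason = "recipient address in URL"
        elif parts.query:
            reason = "query string may carry a per-recipient token"
        else:
            reason = "remote image; fetch still reveals open time and IP"
        findings.append((src, reason))
    return findings

# Constructed sample HTML body.
SAMPLE = """<html><body><p>Holiday sale</p>
<img src="http://ads.example/cgi-bin/open.cgi?u=bob%40example.org" width="1" height="1">
<img src="cid:logo123">
<img src="http://static.example/banner.gif">
</body></html>"""

if __name__ == "__main__":
    for url, reason in find_web_bugs(SAMPLE, "bob@example.org"):
        print(reason, "->", url)
```

A client that refuses to load any image reported here gives the sender no confirmation that the message was opened.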

  • by tRoll with Butter ( 542444 ) on Monday December 10, 2001 @08:03AM (#2681453)
    I'd venture to say the majority of mail you get from @aol.com never really originated from there (the spammers used a fake reply-to address). How do I know this? Because AOL has installed software similar to Slashdot's lameness filter that catches spammers and QUICKLY terminates their account. (AOL members can read about this at Keyword: Rate Limiting.) AOL used to have a really bad problem with child porn and warez, a quick visit into a few empty private rooms reveals this is no longer the case. If you exceed the preset number of outgoing e-mails in a given amount of time, *poof* your AOL account does a disappearing act right before your eyes.

    So WHY are you getting e-mails with a forged @aol.com reply-to? It's simple! Many spammers simply believe that AOLers are more trusting of familiar-looking e-mail addresses, so they want their spam to appear as if it came from another member of the service. Ironically, inter-service e-mail on AOL has NO @ address on it!

    Next time you see spam from @aol.com, check the originating server in the headers, you might be surprised.
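
The header check suggested above, as an added Python example that is not part of the original comment: it compares the domain in From: with the host recorded by the receiving server in the topmost Received: line. It assumes sendmail-style Received lines; the messages, host names and addresses are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumes sendmail-style "from HELO (rdns [ip])" Received lines; other MTAs differ.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")

def check_origin(raw):
    """Compare the claimed sender domain with the host that actually connected."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].lower().partition("@")[2]
    # Only the topmost Received line was written by our own server; anything
    # below it was supplied by the sender and can be forged.
    received = msg.get_all("Received") or []
    m = RECEIVED_RE.search(received[0]) if received else None
    if not m or not claimed:
        return {"claimed": claimed, "consistent": None}
    helo, rdns, ip = m.group(1).lower(), m.group(2).lower(), m.group(3)
    consistent = rdns == claimed or rdns.endswith("." + claimed)
    return {"claimed": claimed, "helo": helo, "rdns": rdns, "ip": ip,
            "consistent": consistent}

# Constructed sample messages (documentation addresses and made-up hosts).
FORGED = ("Received: from mail.aol.com (dialup-44.isp.example [192.0.2.44])\n"
          "\tby mx.home.example with SMTP; Mon, 10 Dec 2001 08:00:00 -0500\n"
          "From: \"Friend\" <lucky123@aol.com>\nSubject: hi\n\nbody\n")
GENUINE = ("Received: from out1.aol.com (out1.aol.com [192.0.2.10])\n"
           "\tby mx.home.example with SMTP; Mon, 10 Dec 2001 08:05:00 -0500\n"
           "From: someone@aol.com\nSubject: hello\n\nbody\n")

if __name__ == "__main__":
    for raw in (FORGED, GENUINE):
        print(check_origin(raw))
```

A mismatch is a signal rather than proof, since mailing lists and hosted domains also send from hosts outside the From: domain.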
  • by Halo1 ( 136547 ) on Monday December 10, 2001 @08:04AM (#2681457)
    Yeah, just read this: http://www.clifto.com/8345.html [clifto.com]. This guy calculates, using publicly available numbers about the amount of businesses in the USA, that even if only 1% of all *US* companies sends you only 1 message a month, you end up with 8345 ads *PER DAY* in your mail box.

    So even if they'd send you only one per year, you'd still get on average about 695 ads per day. So people, instead of JHD (Just Hit Delete), please try to find the time to figure out where the spam was sent from and where the spamvertized sites are hosted and report the spammers or things may become very ugly...

    Jonas

  • Spam Study (Score:2, Informative)

    by MadMorf ( 118601 ) on Monday December 10, 2001 @08:48AM (#2681568) Homepage Journal
    I worked as a Postmaster at a Federal Gov't agency a couple of years ago.

    While I was there we did several things to try and determine what kinds of messages were entering our system.

    One of the things we did was to queue all incoming messages for a short period so we could have a chance to look at them.

    What we determined was that over 95% of all the messages we received that were larger than 1 Meg were CRAP of some sort, and definitely NOT business related.

    We also tracked the number of messages per day going through the system for several months and found that just before Thanksgiving our numbers would triple and stay that way until Valentines Day...
  • by SCHecklerX ( 229973 ) <greg@gksnetworks.com> on Monday December 10, 2001 @11:03AM (#2681970) Homepage
    Here's how I did it:
    1. Run my own mail server
    2. Disable expn (especially if you run mailing lists as aliases for somebody!!!) and vrfy.
    3. Make an alias for every service that requires a mail address
    4. write procmail filters that only allow mail to the above aliases if they are from the service you signed up for. If they spam you themselves, just remove the alias (I get a lot of third party spam from slashdot, believe it or not)
    5. Forward mail from the account on my ISP to my real mail server
    6. Delete everything that was forwarded by my ISP unless it came from the ISP themselves, or from the dyndns service (who obviously need a server other than your own to contact you through)
    7. Filter other specific spams as needed in .procmailrc (stuff with no from address, stuff with no '@' in the address unless it came from your own domain, etc)

    I hadn't been forwarding my ISP mail to my account for awhile. I was AMAZED at the amount of crap that came into it when I decided to check it the other day! SHEESH! 60+ mails a day on that account, ALL SPAM. MOSTLY PORNO. This on an account that I have NEVER used, let alone advertised! Of course the lack of security of the ISP probably didn't help (default web pages as the user's account id, for example)!
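
The per-service alias scheme in steps 3, 4 and 7 above, modelled as an added Python example rather than the poster's procmail rules: mail to an alias is delivered only when the sender belongs to the service that alias was given to. The domain, alias table and addresses are hypothetical, and the step 7 exception for mail from your own domain is not modelled.

```python
from email.utils import parseaddr

MY_DOMAIN = "home.example"   # hypothetical domain of the private mail server
ALIASES = {                  # alias local part -> domain of the service it was given to
    "slashdot": "slashdot.org",
    "bookshop": "bookshop.example",
}

def sender_domain(from_header):
    """Domain part of the From address, or '' when it is missing or has no '@'."""
    return parseaddr(from_header or "")[1].lower().partition("@")[2]

def decide(rcpt, from_header):
    """Return (action, reason) for one message addressed to rcpt."""
    local, _, domain = rcpt.lower().partition("@")
    if domain != MY_DOMAIN:
        return "reject", "not our domain"
    sender = sender_domain(from_header)
    if not sender:
        return "reject", "missing From or no '@' in address"
    if local not in ALIASES:
        return "reject", "unknown or retired alias"
    allowed = ALIASES[local]
    if sender == allowed or sender.endswith("." + allowed):
        return "deliver", "sender matches alias owner"
    # Third-party mail to a single-use alias means the address was passed on.
    return "reject", f"alias '{local}' used by {sender}: leaked"

def retire(alias):
    """Drop an alias once the service it was given to starts spamming it."""
    ALIASES.pop(alias, None)

if __name__ == "__main__":
    print(decide("slashdot@home.example", "Slashdot <daily@slashdot.org>"))
    print(decide("slashdot@home.example", "promo@bulk.example"))
    retire("bookshop")
    print(decide("bookshop@home.example", "news@bookshop.example"))
```

The reject reason names the alias, which shows which service an address leaked from.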

  • by bigbennie ( 174887 ) on Monday December 10, 2001 @11:18AM (#2682013)

    The reason a lot of geeks receive SPAM is the same reason I do ... registration of a domain. A live email address on a domain registrar is excuse to have every cheap SPAM cannon leveled at you.

    Also, folks seem a bit confused. THERE IS NO NATIONAL SPAM LEGISLATION. It never passed. Not at all. The reason a lot of spammers want to say they are in compliance with opt-out legislation is that it legitimizes their existence. Let's not forget that SPAM is STEALING. You pay for the junk mail that shows up.

    Check it out here... [spamcon.org]

  • by SCHecklerX ( 229973 ) <greg@gksnetworks.com> on Monday December 10, 2001 @11:35AM (#2682097) Homepage
    expn = expand in sendmail. Basically, if it is enabled, somebody can telnet to your mail server on port 25 and if you have an alias that is a list of email addresses, they will get the entire list of addresses back (ie, on my mail server, they would 'expn mtb' and learn about 60 email addresses!).

    Disabling expn and vrfy on sendmail is common security practice. On my Redhat 7.0 box, they were ENABLED by default. Not good.
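
A quick audit for the setting discussed above, as an added Python example that is not part of the original comment: it reads a sendmail.cf and reports whether `noexpn` and `novrfy` are present in `PrivacyOptions`. The sample configuration lines are constructed.

```python
import re

REQUIRED = {"noexpn", "novrfy"}
# In sendmail, "goaway" is shorthand that includes noexpn and novrfy.
IMPLIES = {"goaway": {"noexpn", "novrfy"}}

def privacy_flags(cf_text):
    """Collect the flags from every 'O PrivacyOptions=' line of a sendmail.cf."""
    flags = set()
    for line in cf_text.splitlines():
        # Commented-out lines start with '#', so they never match here.
        m = re.match(r"O\s+PrivacyOptions\s*=\s*(.*)", line)
        if not m:
            continue
        for flag in re.split(r"[,\s]+", m.group(1).strip().lower()):
            if flag:
                flags.add(flag)
                flags |= IMPLIES.get(flag, set())
    return flags

def missing_flags(cf_text):
    """Return the required flags that the configuration does not set."""
    return sorted(REQUIRED - privacy_flags(cf_text))

# Constructed sample configurations.
WEAK = "# privacy flags\nO PrivacyOptions=authwarnings\n"
HARDENED = "O PrivacyOptions=authwarnings,noexpn,novrfy\n"
COMMENTED = "#O PrivacyOptions=noexpn,novrfy\nO PrivacyOptions=authwarnings\n"

if __name__ == "__main__":
    for name, cf in (("weak", WEAK), ("hardened", HARDENED), ("commented", COMMENTED)):
        print(name, missing_flags(cf) or "ok")
```

The third sample covers the case where the hardening line is present in the file but commented out.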

  • by gmack ( 197796 ) <gmack@noSpAM.innerfire.net> on Monday December 10, 2001 @12:05PM (#2682231) Homepage Journal
    Lies lies and more lies heh

    There is no law that they happen to be "complying with".

    The proposed bill that they keep quoting did not pass; even if it had, it required a valid return address, which they don't happen to supply. It's just a lame attempt at keeping you from taking action.

    But yea go ahead and filter anything with that block of text.
  • Something most forget (Score:4, Informative)

    by macdaddy ( 38372 ) on Monday December 10, 2001 @12:34PM (#2682411) Homepage Journal
    I'm reading the previous comments and there's something I notice that's disturbing. Most are quick to say how they hate spam and how spam will kill the Internet. Many are even providing information on how to filter spam. But no one has said anything about reporting spam. If there is something going on that you're so adamantly against, why don't you LART [pacbell.net] it? Doing your own personal filtering or simply ignoring the spam (UCE or UBE) only benefits yourself and only in the short term I might add. If you take a little time to LART messages, you'll not only help get A) spammers booted from their provider, b) spam sites get shut down, and c) companies that use a spammer's services to find a better way to advertise, you'll assist in decreasing your and everyone else's future spam. Examine the headers. Learn the signs of an open relay. Check for and report open relays. LART the abuse and postmaster addresses of the owner of the IP, the provider for that netblock, the owners (and sometimes providers) of the spamvertised sites in the spam, CC uce@ftc.gov, and CC NANAS (news.admin.net-abuse.sightings) so that there is a record of spam for others to confirm that they aren't the only ones getting a particular spam. Also include the FDA on spams that say things about prescription drugs without a prescription or other FDA-related topics. Also include the US Secret Service on Nigerian Money scams. The SEC also accepts reports of stock market scams. There is a plethora of things you should do with the spam you receive. Doing nothing with it is the real crime. I strongly recommend you become a member of news.admin.net-abuse.email and follow the discussions there. There are many spam FAQs floating around. Do your part to help others fight spam.

    I filter spam based off of numerous DNS blacklists. I also have an extensive list of spamming domains and spam supporting providers that I blacklist. Last week I rejected 95,837 pieces of mail from just one of my servers that I deemed to be spam. If people didn't report that spam to the maintainers of the DNS blacklists, I would have to rely on my own access lists to reject spam. This collaborative effort really works.

  • by Tyrall ( 191862 ) on Monday December 10, 2001 @03:08PM (#2683272) Homepage
    SpamCop [spamcop.net] is a useful tool, both from a user's and from a system administrator's point of view.

    Having used SpamCop from both sides (I work for a national ISP), I can't recommend it enough. The admin gets all of the pertinent information in a single mail, and the user can get feedback as to whether the issue has already been solved.

    Julian (the guy who runs the service) is particularly helpful, and open to suggestions.

  • by inkydoo ( 202651 ) on Monday December 10, 2001 @03:37PM (#2683429)
    If you are in the US of A, there is legal precedent that such forging of From: headers is damaging to the forged domain. You might want to look at The flowers.com case [mids.org] for more info.

    Essentially they argued that they had to spend time dealing with complaints and calculated the cost of that lost time. They didn't even argue for damage to their reputation, which I think could have led to an even bigger penalty.
  • Hell... (Score:3, Informative)

    by PlaysWithMatches ( 531546 ) on Monday December 10, 2001 @04:38PM (#2683769) Homepage
    It's gone up by 650% for me in the last month. I get about 20 spam messages an hour, ranging from breast enlargement ads (I'm a guy, btw), to fixing my credit (which is already perfect).

    Fortunately, there was an easy solution. I just added Pine filters for these words in the "from" address: deal, offer, bargain, save, money, and winner. That cut it down from ~20 an hour to maybe 3 random e-mails a day that slip through. :P
