Forgot your password?
typodupeerror
Spam

SpamNet: Razor for the Masses 256

Posted by CmdrTaco
from the isn't-that-cool dept.
UCRowerG writes "From CNET News on Yahoo!: "Conceived by Napster co-founder Jordan Ritter and open-source developer Vipul Ved Prakash, the company is touting the benefits of democracy, networking and collaboration in the war against unscrupulous e-mail marketers." " Since Prakesh is responsible for Razor, hopefully there will be Linux support as well, but once again I gotta throw my props at Spamassassin which catches over a hundred spam for me each day.
This discussion has been archived. No new comments can be posted.

SpamNet: Razor for the Masses

Comments Filter:
  • by Hatechall (541378) on Wednesday June 19, 2002 @10:36AM (#3728955) Homepage
    Spam is the only mail I get...makes me feel part of something greater than I.
  • by Bilestoad (60385) on Wednesday June 19, 2002 @10:38AM (#3728969)
    And the first thing the story about the spam-battling startup does is to load some popup advertising.

    Wonderful.

    • Yeah, except that you choose to come here. You've got the option to not read Slashdot.
    • And the first thing the story about the spam-battling startup does is to load some popup advertising.

      Simple solution: Use Mozilla, and turn off unrequested popups. I haven't seen one in months.
      • Simple solution: Use Mozilla, and turn off unrequested popups. I haven't seen one in months.

        Or if you want to keep using the IE engine for compatibility, you can try out Crazy Browser (http://www.crazybrowser.com/ [crazybrowser.com]). It's a tabbed browser using the IE engine and it can easily disable popup ads.

        Or you can install Proxomitron (http://www.proxomitron.org [proxomitron.org]), it's a wonderful free http proxy that filters out most ads including the annoying pop ups.

        I use both when I'm forced to use Windows (at work).
        • Or if you want to keep using the IE engine for compatibility

          Translation: If you want to keep seeing poorly-coded sites remain poorly-coded sites, use the IE engine.

          The more people that use Mozilla, the more web designers have to code for standards compliancy. Using IE or IE's engine will only result in a monopoly on the web.
  • Plural (Score:4, Interesting)

    by richlb (168636) on Wednesday June 19, 2002 @10:39AM (#3728981)
    ...which catches over a hundred spam for me each day.

    Is the plural of "spam" really "spam"?
    • Is the plural of "spam" really "spam"?

      No, you have to repeat it.

      E.g: "Spam, spam, spam, spam; spam, spam, spam, spam; lovely spam, wonderful spam..." (etc.)

      (You really need the Vikings to appreciate this).
  • Bandwidth (Score:4, Insightful)

    by Iscariot_ (166362) on Wednesday June 19, 2002 @10:41AM (#3728998)
    Think of all the Bandwidth wasted on spam. (Downloading, and sending.) Before my cable provider charges me for spending too much time on the net because I'm using their precious data lines, I think they should get rid of those spammers.

    Rather than a client side tool like SpamNet, I'd like to see something that sits along side mail servers.

    Stop the spam before it gets sent!
    • That would be spamassassin. Works great for me. I catch over 95% of my users' spam, with only a single known false positive after three months of use. Combined with Vipul's Razor, it contributes to others' ability to catch spam, as well.
    • Their method depends on a web of trust, with trusted users defining what's spam and what's not. So it makes sense to have something running on the user's end. Also, most users don't have any way to convince their ISP to put anything on the server side.
    • We implemented Spamassassin at our ISP and people actually called up complaining that they were not receiving their junk mail (yes, they wanted it).

      So we took down the system-wide implementation and now protect domains and users on a customer-by-customer basis (when they ask for it).

      Makes me wonder if some sick individuals out there love getting telemarketing calls? Different strokes for different folks, I guess.
    • The guy who co-founded Napster, software whose focus it was to allow the unlawful distribution of copyrighted material, is now trying to fight something else that's every bit as troublesome.
    • Rather than a client side tool like SpamNet, I'd like to see something that sits along side mail servers.

      Absolutely!

      I think that we could dramatically reduce the amount of SPAM out there is we did the following:

      All SMTP servers should do a reverse lookup on the IP address of any host that attempts to deliver mail to it, and require any host attempting to send mail to it to identify it's domain. If the domain the mail server provided does not match the domain the IP space is registered to, the mail server should refuse to accept the message and drop the connection.

      Since most of the SPAM I receive comes from non-existant domains, I think that something like this could help.
    • Think of all the Bandwidth wasted on spam. (Downloading, and sending.)


      Hmm... Ok.
      Average size of spam, under 10K.
      Average number of spams per person per day, under 10.
      Bandwidth per person 9.26 bits per second.

      Holy cow! 9.26 per second, why that works out to almost a quarter of a million dollars per month,
      when you multiply it by 100,000,000 users,
      Why, that would be nearly five cents per person per year - goodness.

      Sorry, I do feel for the people who pay for tbe bandwith spam uses.
      But I feel more for the people who lose time because of reading it.

      -- this is not a .sig
  • Signatures? (Score:2, Interesting)

    by MarvinMouse (323641)
    Just as a curiousity, are these signatures just checksums, or are they a more complex algorithm?

    I would be interested to learn how these signatures are generated. Since if they are checksums, it will be reasonably easy to defeat (just change one letter in each e-mail message), but if they are something more complex it might become more difficult.

    As well, it might prevent good mail from coming through if these signatures are too simple.

    Anyone know details at all?
    • Re:Signatures? (Score:4, Informative)

      by torpor (458) <jayv.synth@net> on Wednesday June 19, 2002 @10:52AM (#3729109) Homepage Journal
      Its way more complicated than that. Just read the "whats new" page for a good summary:

      http://razor.sourceforge.net/docs/whatsnew.html

      I'm frankly quite happy to see Razor come to fruition.

      I had exactly the same idea for how to do this (with distributed signature databases) in '93 when I started a well known ISP. The plan was to offer spam-killing as a second-tier service to offer our customers, but alas: at the time, it was considered by management (read: VC) more profitable to allow open spam relays to our subscribers than it was to try to get subscribers to pay for a service like this, so the implementation details went nowhere.

      Excellent to see it come to light in the form of working code, OSS style.
      • Re:Signatures? (Score:3, Informative)

        by ftobin (48814)

        Excellent to see it come to light in the form of working code, OSS style.

        Only the client of Razor is OSS. The author has explicitily stated that the server will not be released under an Open Source license. This is exactly why I'm implementing Pyzor [sourceforge.net], which is a razor-like system but where both the client and server are released openly under the GPL.

      • Its way more complicated than that. Just read the "whats new" page for a good summary:
        http://razor.sourceforge.net/docs/whatsnew.html

        Actually, the version 2 protocol has been in use for some time. On my system, where I installed Razor in February 2002:

        paul@wallace ~ > razor-check -v

        Razor Client Tools 1.19, protocol version 2
        Shame on me. Apparantly I missed Vipul's announcement four days ago [geocrawler.com] that everyone needs to upgrade to version 2.06.

        Eventually, Razor is going to use the Nilsimsa Hash Algorithm [shinn.net], which is supposed to be able to detect spams where the spammer made only a minor change to avoid being matched against previously transmitted copies. The Razor V2 protocol [stearns.org] has support for this hashing algorithm and others. Who knows, maybe they're already implmented it? Ought to take a peek at the perl code sometime....

  • by dzym (544085) on Wednesday June 19, 2002 @10:42AM (#3729005) Homepage Journal
    According to README.Debian ...
    SpamAssassin is compatible with Razor, an online spam database. Get the package razor, maintained by Robert van der Meulen.
  • by SkyLeach (188871)
    If it works anything like existing P2P networks then It will take about a week to stop each spammer and block thousands of non-spam emails simply becuse they contain the same words commonly used by spammers.

    :-)
  • Here's the URL... (Score:5, Informative)

    by EnglishTim (9662) on Wednesday June 19, 2002 @10:42AM (#3729015)
    http://www.cloudmark.com/ [cloudmark.com]

    ... because the guy who posted this obviously couldn't be bothered....

  • So, does anyone actually know of a package using Vipul's Razor or similar that works on Windows and does not require me to switch to a MS product?
  • >"Prakash drew inspiration for the company from the sci-fi novel A Fire Upon The Deep, by Stanford computer science professor,
    >Vernon Ving, who wrote about a router the size of a planet "that could filter spam," Prakash said. "

    Wow, I bet Vernor Vinge is happy about that one!
    • I cringed when I read that, but it's really cool that they cited "A Fire Upon the Deep". That was one badass book. Even if his galactic USENET doesn't make too much sense the way it's pictured in the book, the idea of an entire planet whose economy is based around routing network traffic is way cool. Vinge's is probably the most fascinating portrayal of a civilized galaxy that I've read, and (despite his odd contrivances, which I won't give away here) one of the most realistic. Certainly far more original than a "Galactic Empire".

      Okay, I'm through trolling for Vinge. Anyone know of sci-fi works of comparable merit published in the past decade? I'd given up until I read his last two...
  • Link Ranking Wars (Score:3, Interesting)

    by Alien54 (180860) on Wednesday June 19, 2002 @10:45AM (#3729042) Journal
    I figure that there are so many spammers ....

    what if they got into the system and overloaded it while still small so as to promote their own links and to discredit the project? Just a wild thought, not that they would ever be that organized.

    I am thinking of the recent Google ranking wars, for example.

    for most folks using it, it would be enough to put them off their feed if the spammers polluted the data pool early and strongly enough. Presuming that the average user was not an expert user.

    I see this as part of a larger problem of people pushing competing viewpoints on the web.

    Alledged nasty group "A" against alledged heroic group "B" - gets messy when things like politics and religion get involved.

  • SpamCop (Score:4, Interesting)

    by Mwongozi (176765) <(gro.revolgdivad) (ta) (eerhthsals)> on Wednesday June 19, 2002 @10:46AM (#3729057) Homepage

    My e-mail is currently hosted at SpamCop [spamcop.net], who do a pretty good job of filtering out spam before it even reaches my mailbox. They shunt spam into a seperate folder using the excellent SpamCop blacklist, and can also optionally use additional blacklists including SPEWS, Osirusoft, ORDB, Spamhaus, Monkeys.com, etc. etc.

    Combine that with POP3, IMAP, and web access, and also the ability to suck mail out of existing POP3 accounts and I think it's excellent value.

    No, they're not paying me to say all that, I'm just an extremely happy customer. :)

  • by chowbok (467829)
    It's straight procmail, not perl-based. The main problem with it was that it hadn't been updated in nearly a year, but a new version finally came out last Friday.
  • Hey Ximian! (Score:4, Interesting)

    by SLot (82781) on Wednesday June 19, 2002 @10:49AM (#3729080) Homepage Journal
    This would be a welcome feature addition for Evolution.
    • Re:Hey Ximian! (Score:4, Informative)

      by Azog (20907) on Wednesday June 19, 2002 @01:33PM (#3730380) Homepage
      Yes, it would be AWESOME if Evolution just had a checkbox in the mail preferences dialog where you could turn on SpamAssassin or other filtering programs.

      However, I have SpamAssassin working with Evolution now. It was kind of a hassle to set up but it works... here's the overview:

      - get and install SpamAssassin, test that it works by piping a good email and a spam email through it
      - check that my fetchmail works, write a .fetchmailrc file
      - check that my procmail works, write a .procmailrc file
      - disable the regular pop mailboxes in Evolution
      - add a new "local delivery" mailbox to Evolution
      - wrote a tiny script I called "getmail" that does "fetchmail -m procmail" and make sure that it gets my email from the POP3 server correctly
      - added the getmail to my crontab to run every 5 minutes
      - added a filter rule to Evolution: if specific header X-Spam-Flag = YES, drop the email in my Spam folder

      and that was it. :-/ No more spam! But you can see why having this integrated into Evolution would be nice.


      - - - - my .fetchmailrc - - - -
      poll mail.arnor.net
      user "slashmail" password "secret" is user "thoffman" here
      - - - - my .procmailrc - - - -
      :0fw
      | spamassassin -P
      - - - - my "~/bin/getmail" script
      #!/bin/bash
      /usr/bin/fetchmail -m /usr/bin/procmail >> ~/log/fetchmail
      - - - - - my crontab - - - - -
      */5 * * * * /home/thoffman/bin/getmail
      - - - - -
  • masses = outlook (Score:2, Insightful)

    by rainTown (536725)

    The company does face challenges. It is charged with transforming a tool that's geared for a small Unix developer community into a product for the masses....

    Cloudmark's solution requires a free plug-in that plays a minor role in the background of Microsoft's Outlook, the only e-mail client that the product is currently available for.


    hmmm having to choose between the lesser of two evils : spam or viruses, i dunno...
  • by intuition (74209) on Wednesday June 19, 2002 @10:52AM (#3729108) Homepage
    Vipul's razor uses something they call "Nilsimsa" fuzzy signatures.

    The signatures are used to determine how "close" the email that your are testing is in content to known spam. The source code of this hashing algorithm is publically available.

    If this network ever became a real problem for spammers, they will simply use word substitution algorithms or any other number of simple methods to change the email until the nilsimsa's signatures are not close enough to flag the email as spam.

    This was the problem with Vipul's razor version 1.0, which was discussed on slashdot, and this remains the problem in Vipul's razor 2.0

    • by Matts (1628) on Wednesday June 19, 2002 @12:44PM (#3729929) Homepage
      Disclaimer: I'm one of the SpamAssassin developers.

      I'm not really sure how Razor2 is managing to use Nilsimsa (and despite Vipul saying that Razor is open source, we don't get to see the server, so I can't find out easily).

      When I did testing of Nilsimsa for SpamAssassin it turned out that in order to be able to use Nilsimsa you have to use a special comparison function over every single nilsimsa hash in your database. This basically became unusable at about 50K signatures, as when you received an email, you first had to hash it with Nilsimsa, but then you had to use nilsimsa_compare (or whatever the function was called) on each and every one of those 50K entries.

      I'd really like to hear how they're doing it. Perhaps Vipul found some way of indexing the search so it wasn't a full scan. If anyone follows the Razor lists and knows how it works, please share.
      • There are faster search algorithms than the obvious linear search. The creator of nilsimsa suggested one, and I implemented it to see how fast it was. I found it would be workable [dynip.com] for a DCC-like system holding on to 2 million digest codes at a time, handling about 3 million messages a day. The server would need about half a gig of physical memory to retain the entire database in memory. Since a Razor system only holds spam digests rather than the digests of all mail, I imagine it'd be OK for that, too.



        I BSD-ified my example code so if anyone wants to use it, feel free.

  • Yahoo and CNet, I mean.

    Cloudmark [cloudmark.com]
    Brightmail [brightmail.com]

    It doesn't work with Outlook Express 6 so I'm in no position to test it :(
  • by waldoj (8229) <waldo.jaquith@org> on Wednesday June 19, 2002 @10:58AM (#3729149) Homepage Journal
    I've run both Spamassassin and Spambouncer. For the curious, I prefer Spamassassin, and here's why.

    I was very impressed with Spambouncer. It was the first spam-heuristic system that I'd used (previously, I'd relied solely on MAPS, ORBS, ORDB, RBL, etc.), and I was very impressed. I found that it rejected a lot of legitimate mail until I grepped my "Sent Items" folder, extracted every "To" field and made that my white list. (The assumption being that if I've e-mailed somebody, I don't mind hearing from them.) That worked very well, and I was happy with Spamassassin. The odd piece of spam would get through, and I still had 1:100 legitimate messages get put in my spam folder. But it made my life much simpler.

    Then I tried Spamassassin. The big reason was because I wanted to take part in Razor and know that I was a part of a collaborative process. Also, Spambouncer hadn't been updated in months, which struck me as odd. But I also just wanted to try something different. I found that Spamassassin was better. Not in a way that made Spambouncer look bad, it was just clear that Spamassassin was a superior product. For example, Spamassassin provides a complete scoring in the headers, so you know exactly what criteria caused the message to be block. And I never had to set up a whitelist -- it just works. I still get that tiny little bit of spam that gets through, no more or less than with Spambouncer, but that's really not a complaint. It's very, very rare that a legitimate piece of mail gets caught up in the system. Best of all, the nonexistent addresses on my system that spammers have somehow discovered (big@waldo.net, aldo@waldo.net) can be forwarded via my aliases table to Spamassassin's (Or is it Razor's? I forget.) server to be automatically added to their honeypot collection.

    I'll stick with Spamassassin, I think. It appears to be the most mature, stable, simple, straightforward spam filtering product available today. For those looking to set up server-side spam filtering, I highly recommend it.

    -Waldo Jaquith
    • by rw2 (17419) on Wednesday June 19, 2002 @11:35AM (#3729423) Homepage
      I'm a big fan also, in fact I introduced Taco to it. Folks interested in what the heuristics produce in terms of distribution of SA scores can view a graph of my logs [wellner.org]. The three lines are the commonly used thresholds for deciding whether a mail is spam or not. Most folks run at 5, but some that are more paranoid about false positives run at 7 or 10. Myself, I find false positives to be practically non-existent and run happily at five. The missing data is just because I didn't keep statistics on non-spam mails until I had been running for a couple weeks.


      Now for a commercial. Craig Hughes has formed a company [businesswire.com] to bring spamassassin to outlook users . And I'm setting up a hotmail like service at spamassassin.net [spamassassin.net] to help users that don't have the time or ability to setup spamassassin themselves.

    • I found that it rejected a lot of legitimate mail until I grepped my "Sent Items" folder, extracted every "To" field and made that my white list. (The assumption being that if I've e-mailed somebody, I don't mind hearing from them.)

      I use TMDA [sf.net] to handle people sending me return mail. TMDA lets me create return addresses that will work for a certain amount of time. During that time, when email is sent to that address it will go through. After that time, I can do lots of things. I can bounce the email, silently drop it, or request confirmation. Confirmation is the process that takes place whenever someone unknown to me send me an email. Once confirmed, that person becomes known and will not need to go through confirmation again.

      TMDA is like a firewall for my mailbox. If I send an email, replies will automatically work. Otherwise, you are required to authenticate yourself before you get in. I use it in conjunction with spamassassin. I like spamassassin. It works great, but it's not 100%. TMDA, so far, has been 100% effective at blocking spam, while letting legit email through.

      And TMDA is a server based system. So it's possible to set it up to work with any email client that send email through the server. So it'll work for your unix clients or your windows clients...

      Check it out.

    • Best of all, the nonexistent addresses on my system that spammers have somehow discovered (big@waldo.net, aldo@waldo.net)

      They just scan /. Bam! Discovered! :)
    • I'm currently using spamassasin with procmail to filter spam, which is nice, but it has introduced another failure point.

      Basically, I forward all my e-mail from an e-mail gateway to my own box, run spamassassin, and then forward it off to my IMAP server (the gateway and IMAP server are out of my control).

      What I would like is to run a cron job, look at what's already in my IMAP inbox, examine the new messages, and put them in an appropriate folder if they are flagged. I also have co-workers who's gateway and IMAP server are the same, so they are SOL at the moment. A solution like this would work great for them.

      Now since there are Perl front ends to both IMAP and Spamassassin, what I want to do shouldn't be that hard to write, but has someone else already written it?
    • I took a look at spamassassin a few months ago and also thought it looked like a great package.

      However, it makes the assumption that the UNIX box it is running on is the final destination for the mail it tags.

      My frustration is that I have postfix running on my Internet mail gateway, sending mail internally to our MS Exchange server. This is the Way of the Corporate World, and no amount of bitching and moaning will change it. It's nice to have postfix on the outside; I trust it. But Outlook/Exchange is the way I, my users, and most companies interface with email.

      However, I've yet to find a good way to have spamassassin tag the mail on the way through the postfix server. Sounds relatively trivial, but nothing that was out there when I last looked was simple to configure or reliable.

      This has *got* to be a common situation for many of us. Is there a Good Solution yet for those of us who'd love to use spamassassin but can't run it on the final mail server?
  • by WG55 (153191)

    Are client-side spam filters a good idea any more? It seems to me
    that if I have to reject spam at the client end, the damage has already
    been done, in that I have already paid for the spam coming through
    the network.



    Lately I've started actively finding the source of the spam and
    alerting the postmaster that their server has been cracked. Am I
    wasting my time, or should I just be deleting the stuff without
    worrying about it?

    • The bandwidth spam uses is a bit of a myth. At the ISP I work at I did some bandwidth tests, and while the testing showed that numerically, spam made up 20-30% of the email, bandwidth wise it only made up about 0.5%. Mostly it's due to people flinging around word documents and pictures and multimedia.
  • Only 700 (Score:2, Funny)

    by Launch (66938)
    "700 per person this year. "

    are you kidding me... my hotmail acct gets over 100 a day... At least I know for every week I keep that e-mail address some lucky guys doesn't get spam for a whole year... But then again he isn't going to get his college degree from a non-acredited college or meet girls that just turned 18 and decided to put a webcam in their shower... and let's not forget the 1000s I'm gonna make when this african prince moves all his money into US banks.
  • by Martin Spamer (244245) on Wednesday June 19, 2002 @11:19AM (#3729299) Homepage Journal
    This is unsolicited bulk/commercial/junk email, it is not Spam and these are not Spamer's, Spamer is a proper surname, my surname.

    Now experience has told some will not believe this and think it's a troll so 1) check my posting history, I don't troll and 2) here is my entry in the UK online phone directory.

    http://ukphonebook.lycos.co.uk/servlet/Search?sk in =lycos&type=residential&pagesize=10&name=Spamer&lo cation=Hull&initial1=&initial2=

    Yes, my name really is Martin SPAMER;
    Yes, it really p!$$ me off when people abuse my name;
    Yes, it does cause me no end of grief;
    Yes, I've heard all the wise cracks before;
    No, I don't find them funny.
    No, I refuse to be bullied into using an alias, how would you feel if I equated your name with thieving scumbags.

    So if you wish to get on my bright side, do not use the term Spam or its derivatives use the term(s) unsolicited [ commercial | bulk | junk ] email.

    thank you.

    Martin Spamer
  • "Razor for the Masses"

    I was thinking one of the silly metal scooters...

    -Pete
  • by pjrc (134994) <paul@pjrc.com> on Wednesday June 19, 2002 @11:21AM (#3729323) Homepage Journal
    I've been using Razor with Spamassassin for many months. All you need to do it install the razor package (and the various perl modules it wants), and then add a line like this in your .spamassassin/user_prefs file:

    score RAZOR_CHECK 5.0

    I've also got the other "network tests" enables (blacklists), but I assign them low scores since they have a lot of false positives.

    Using spamassassin with razor and the blacklists really works. My spam file has 836 spams automatically filtered between March 1 to today, June 19. Of those 836 messages, 511 have the RAZOR_CHECK string in the "X-Spam-Status" line that spamassassin adds to the header.

    Not too bad, considering Razor uses a rigid message digest that fails if the spammer adds any "random" content to the messages. Saddly, it seems like that's becoming more common. Rumor has it that Razor is someday going to use "fuzzy" matches with one of two algorithms that somehow accomplish such a feat. Anyone know when/if this is supposed to happen??

  • I always wondered, what if someone start sending real emails to razor? Say, the boss sends email tomorrow prepare for xyz", and I don't want thers to receive the email? I just quickly bounce it to razor, and (part of) my coworkers who use razor ll now not see the announcement.

    Can Razor really avoid this? (I'll submit the email using different accounts if razor asks for more than one submission; I'll setup the accounts to bounce all spamassassin-filtered email to razor too, so that Razor thinks the accounts are serious spam-cops).


    Or am I missing something?

  • Is there a Spamassassin/Razor type product that works with OutlookExpress for Windows?

    Unforunately Cloudmark's Spamnet [cloudmark.com] only works with Outlook, not OutlookExpress.
  • by Chmarr (18662) on Wednesday June 19, 2002 @12:33PM (#3729813)
    I use Spamcop to filter my incomming mail at the MTA level, and I've been exceedingly happy with it. Apart from one or two that 'slip through', the only spam I receive nowdays comes through MTAs I have no control over.

    Quick brief on how it works. There are two portions:

    - Reporting tool, that allows you to forward spam to SpamCop for analysis. This will pick apart the headers and body, find out where the spam originated from (even if it's gone through legitimate relays and aliasing systems, such as mailing lists), and will send complaints to the relevant owners of the IP block owners, MTAs and web sites. It does a VERY good job of figuring out who's responsible.

    - Blocking tool that uses a RBL-style blocking list, which lists IP addresses of spam originators. If enough spam gets reported within 24 hours, the IP sending the spam gets added to the list. You can use this to block addresses where spam has originated from so you dont even receive the spam. People get their IP addresses unblocked only if spam stops being sent from that IP.

    The system is very good. It relies on you and others reporting spam to SpamCop in a very workable collaberative effort.

    http://spamcop.net/ [spamcop.net]
  • LART THE ISPs! (Score:5, Interesting)

    by wowbagger (69688) on Wednesday June 19, 2002 @12:33PM (#3729820) Homepage Journal
    The single best thing all of us who know how to run traceroute and whois can do is LART THE ISPS THAT HOST SPAMMERS!

    I've been forwarding every spam I get that come from a Verio hosted site, or spamvertises a site hosted on Verio to Verio and their parent company, NTT. I'm using bitch-list.net to do so, since they have a bazillion email addresses for Verio. I make sure the email has the spam attached, and since Verio has claimed the cannot read attachments (***cough***BULLSHIT****cough***) I also paste the mail headers into the message, along with a WHOIS and traceroute showing it to be a Verio customer. When they complain, I tell them "MY message isn't spam - your customer contacted me, so a prior business relationship exists. You want it stopped, stop the spammer."

    I won't say it is working, but if 10% of everybody who got these spams did as I do, then Verio's help desks would be so clogged that they couldn't HELP but see the damage on the bottom line.
    • This is exactly what I do... plus use spamassassin, four RBLs, and block on sending domain *just* before RCPT, I can block a whole lotta crap.

      Examples:
      2002-06-17 00:05:50 recipients refused from H=f195.law12.hotmail.com (hotmail.com) [64.4.19.195]
      2002-06-18 07:18:21 17KH08-0006Zo-00 mx02.hotmail.com [64.4.55.135]: Connection refused

      A combined use of measures *really* does work to reduce my spam intake.
  • Check out Blackhole [groovy.org] by the Groovy Organization, which integrates really well with Qmail but will work with just about any MTA. I found SpamAssassin's documentation to be mediocre at best, and had a helluva time getting it operable. Blackhole worked right off the bat for my Qmail/Courier IMAP/OpenBSD 3.0 setup, and can use Razor amongst other filtering methods. The software is constantly updated, and the developer plesant and responsive. Give it a try!
  • by Moderation abuser (184013) on Wednesday June 19, 2002 @12:44PM (#3729924)
    Pyzor works in a very similar way to Razor, but the client and server are open sourced. The Razor *server* is not open sourced.

    http://pyzor.sourceforge.net/

    Oh, BTW, Spamassasin *uses* Razor.

    • One of the problems Razor has is the false reporting of mailing lists as spam. e.g. Someone continually reports the CERT advisories as spam, as a result you have to specifically "whitelist" the CERT mailing list in order to get the advisories.

      The problem is that Razor automatically trusts the spam reports. I'm not sure if that's still true of Razor 2.

      Pyzor is being designed with client authentication in mind, you'll get an account on the server and the client will authenticate itself when it connects, then your report spam will be logged against your acount. If you report mail as spam falsely, you'll lose your account.

  • I've got MailScanner...
    http://www.sng.ecs.soton.ac.uk/mai lscanner/
    ...run ning on my personal server. It's a "wrapper" for SpamAssassin and a number of server-side virus scanners. Pretty cool tool.
  • It lets through, on average, one per month.
  • I use ask (Score:4, Insightful)

    by kwerle (39371) <kurt@CircleW.org> on Wednesday June 19, 2002 @01:18PM (#3730217) Homepage Journal
    Seems to work 100%. It sends mail back to any unknown sender to confirm that they really wanted to send me email. Of course spammers never confirm.

    http://a-s-k.sf.net/
  • I prefer to block SPAM at the door with Exim. This does mean that you will have to your own MX hosting which might be more trouble than it's worth for most folks. It also requires mail filtering since you typically detect a source of spam when one ore more messages get through. After 3 months of monitoring I have collected a number of hostmask (reverse-DNS challenged hosts are automatically blocked). This collection manages to block out about 98% of all SPAM messages.. during the SMTP handshake! The remaining 2% are new messages from (mostly open Windows NT) relays that do get blocked by the other filters. Some of the more notorious and persistent sources:

    *.pacbell.net
    *.mb0?.net
    *.client.dsl.net
    *.dsl.att.net
    *.attbi.com

    Today's addition: *.passionup.com :) Given, there are still a couple of messages that pass through all the filters, but the last such message I got was about 2 weeks ago. Not fullproof, but getting htere...

    -adnans
  • I'm fairly certain that the core technologies that this service uses were patented in 1997 by Bright Light Solutions, who later became BrightMail [brightmail.com].

    Here's a snippet from their patent [uspto.gov]:

    1. A system for controlling delivery of unsolicited electronic mail, comprising:

    a communications network;

    a plurality of user terminals coupled to said communications network, each of said plurality of user terminals having a unique e-mail address, wherein each of said plurality of user terminals comprises a filtering application for receiving incoming electronic mail messages addressed to said unique e-mail address of said user terminal and filtering said incoming electronic mail messages based upon stored filtering data; and

    a control center, comprising

    a distributor for generating a probe address and transmitting said probe address to at least one site on said communications network, wherein said probe address is different from each of said unique email addresses of each of said plurality of user terminals,

    a processor for receiving electronic mail messages addressed to said probe address, and for extracting source data from said received electronic mail messages, and

    a database update signal generator coupled to said processor for generating and transmitting a database update signal incorporating said extracted source data;

    wherein each of said plurality of user terminals receives said database update signal from said control center, updates said stored filtering data in response to said database update signal, and filters electronic mail messages received by said user terminal in accordance with said updated filtering data.

    2. A system according to claim 1, wherein said user terminals filter electronic mail messages sent from other of said user terminals in accordance with said updated filtering data.

    3. A system according to claim 1, wherein said probe address is transmitted to sites on said communications network that provide address information for senders of unsolicited electronic mail messages.

    4. A system for controlling delivery of unsolicited electronic mail, comprising:

    a communications network;

    a plurality of user terminals, wherein each of said plurality of user terminals has a unique e-mail address;

    a server coupled to said communications network and each of said plurality of user terminals, wherein said server comprises a filtering application for receiving incoming electronic mail messages addressed to said unique e-mail address of each of said plurality of user terminals and filtering said incoming electronic mail messages based upon stored filtering data; and

    a control center, comprising

    a distributor for generating a probe address and transmitting said probe address to at least one site on said communications network, wherein said probe address is different from each of said unique email addresses of each of said plurality of user terminals,

    a processor for receiving electronic mail messages addressed to said probe address, and for extracting source data from said received electronic mail messages, and

    a database update signal generator coupled to said processor for generating and transmitting a database update signal incorporating said extracted source data;

    wherein said server receives said database update signal from said control center, updates said stored filtering data in response to said database update signal, and filters electronic mail messages addressed to each of said plurality of user terminals in accordance with said updated filtering data.

    5. A system according to claim 4, wherein said filtering application updates said filtering data in response to said database update signal by adding said extracted source data to said filtering data stored in said server.

    6. A system according to claim 4, wherein said server also filters electronic mail messages sent from each of said plurality of user terminals.

    7. A system according to claim 4, wherein said probe address is transmitted to sites on said communications network that provide address information for senders of unsolicited electronic mail messages.

    • I initially thought it might when I first heard of Razor, but I don't think it does.


      Upon receipt of incoming mail addressed to the spam probe addresses, the spam control center automatically analyzes the received mail to identify the source of the message, extracts and processes the source data from the received message, and generates an alert signal containing the processed source data. The alert signal may also contain filtering instructions used to enable network servers and user terminals to automatically detect spam. This alert signal is broadcast to all network servers or all user terminals, or both, within the communications network.


      Razor doesn't attempt to determine the source of a mail, it doesn't create an alert signal of any kind and doesn't broadcast a message to network servers or user terminals.

      It doesn't infringe that patent.

  • Achilles heel (Score:2, Informative)

    In an interview, Prakash and company CEO Karl Jacob said Cloudmark's software solves the problem of identifying spam and quickly updating e-mail filters by harnessing the intelligence of the Web community at large.

    Ad that is why it will never work.
  • ...while still connected in SMTP session?

    At home I've been using a system of somewhat complex Sendmail filters and header checks which validate a message's headers before the message is officially accepted (according to the client). I use this to stop spam by effectively bouncing the message even after the entire body has been sent -- but the message bounces before the (evil) SMTP session is closed.

    However, Sendmail's options for this are rather limited and at the moment I'm evaluating a Postfix/SpamAssassin/Razor setup to flag and filter spam. It seems to me that SpamAssassin can only filter messages which have been accepted by the MTA (same with Razor). To me, this is unacceptable.

    What I'd like is the following:

    Line by line checking of the SMTP session, specifically the DATA phase. If any line matches my ruleset (and thus is spam), immediately return an error code (553 you're an evil spammer) and then disconnect the client. I think Postfix allows for this but I'm not sure (Postfix says it will for a long pause prior to the error as well, which is nice).

    SpamAssassin/Razor filtering after the DATA phase (after a "." on a line by itself) but prior to the return of the message accepted code. This would enable me to still "bounce" messages directly to the sending server, while not actually accepting the message.

    Different rulesets (perhaps some global, some site specific) for different domains/addresses. Eg, I want firstsite.com to use a very restrictive check of the headers (both for proper format and against SpamAssassin), while secondsite.com only uses SpamAssassin and doesn't check for silly header mistakes.

    Right now, Sendmail does a pretty good job for me, but I have a problem with valid messages getting rejected because the sender's MTA does stupid things, like use improperly formed Message-IDs or leaves them out entirely.

  • I don't run my own mail server, and the idea of contributing to the signature base appeals to me, so I just downloaded this thing to try it out.

    Check out this excerpt from the EULA:

    Certain third-party modules may be bundled with the Software and may be provided to You subject to separate license terms, in which case they would not be covered under this Agreement. Any such separate license terms are provided in a text file accompanying each individual third-party module.

    Sure sounds like a Spyware clause to me! I'll let you know when I finish installing...

  • You don't need a fancy fetchmail/procmail setup to use SpamAssassin. MandrakeForum has an excellent HOWTO [mandrakeforum.com] on how to set it up in KMail, or indeed any MUA that supports filtering through an external process/program. Works like a charm here - I'm never looking back!
  • by m0i (192134)
    Apparently, whoever needs volume to achieve something goes the Microsoft way; in this case, Outlook users. The quickest way to achieve the critical mass required for their system to work would be to have an agreement with Hotmail, which is already probably using this technology and is self-sufficient for the task, given the volume they deal with.
    Now, why do I still get spam in my hotmail box, and why does it always come from the same sources? Do they keep their eyes closed for some specific UCE suppliers?

Possessions increase to fill the space available for their storage. -- Ryan

Working...