Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Spam

Collateral Damage in the Spam War 375

Posted by Hemos from the when-defensive-measures-go-wrong dept.
MarkedMan writes "The link points to a well researched article on Spam lists and those innocently appended to them. I have seen this myself with MailWasher. A posting will come through as potential spam, with the the bounce already red-flagged, but it is actually from a legitimate source. Only happens once or twice a month but still cause for worry. " I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there.
This discussion has been archived. No new comments can be posted.

Collateral Damage in the Spam War More

Collateral Damage in the Spam War

Comments Filter:

  • Network Solutions, One domain per user? (Score:5, Insightful)

    by dada21 ( 163177 ) <adam.dada@gmail.com> on Friday July 12, 2002 @12:37PM (#3871507) Homepage Journal
    The only people I got spam from was from the e-mail address I used to register domain names with through netsol.

    I dumped that address (100 spams a day).

    What I've done is registered a domain name (say fatgeeks.com) and when I have to use my e-mail address at a website, I'll append the website to the user name, such as:

    dada_slashdot@fatgeeks.com

    or

    dada_msn@fatgeeks.com

    When spam appears, I kill off that user name (very easy to do in any POP3 e-mail program) and then go to the website that sold my address and yell.

    This helps track websites that "lie" about reselling your e-mail address.

    No spam. No collateral damage.

  • Isn't it ironic (Score:4, Insightful)

    by iONiUM ( 530420 ) on Friday July 12, 2002 @12:39PM (#3871529) Journal
    but I still have to ban domains like yahoo.com
    Does anybody else find it funny that this article is from yahoo.com?

  • Re:Network Solutions, One domain per user? (Score:3, Insightful)

    by Mr_Silver ( 213637 ) on Friday July 12, 2002 @12:50PM (#3871610)
    This helps track websites that "lie" about reselling your e-mail address.

    Is there a page out there that details which websites sell your email addresses? It would be rather useful.

    Personally I nominate hotmail.com - unless you're telling me that ibtagmrq@hotmail.com is a popular name.

  • Cloudmark is a P2P Spam Eliminator (Score:2, Insightful)

    by TheCodeFoundry ( 246594 ) on Friday July 12, 2002 @12:55PM (#3871657)
    I've been using a beta of Cloudmark's SpamNet [cloudmark.com] for about a month with no false positives. Seems to do a good job, plus you can mark SPAM that you might get and it will update it on everyone's (that is using SpamNet) spam signatures.
  • I've had a number of people complaining about spam email originating from our server. A quick look at these emails from somebody who knows "a little something" about email shows that the email was an almost guaranteed forgery...the mail servers that relayed the message had nothing to do with us, besides which the user does not exist on our servers and the domain they sent from belongs to developers I know wouldn't fool with this stuff.

    And yet, the damage has been done. These users don't trust me as a provider even when I explain how we lock down our server & prevent spam. They don't trust our domains, which means they block the ip -- an ip which may be mapped to 50 or more virtual sites. And all of this because our domain was the root of it all...a simple forgery that no email client really checks for validity because internet mail is designed to bounce anonymously from server to server. I've gotten spam that was "sent" from my own email address...which is silly, because why should I trust a company's services when they try to convince me _I'm_ marketing to myself?

    What email needs is a set up like SSL -- a trusted third party to verify the validity of an email from a key generated by the sender when the receiver gets the mail. If the sender proves to be a spammer, the third party drops support...and charges a large fee for breaching a contract. We need this to occur without unwieldy programs (PGP) or user eductation...just some way to get a lock in the corner of a user's screen to let them know for a fact that user X sent message Y, and that if it was unwanted they have a recourse.

    This new "Secure mail" could become popular very quickly, as many companies that communicate solely over email could use the security that nobody can send an email as ceo@trustycorp.com without the server's permission. The key is ease...SSL may have its problems (certs kind of expensive, monopoly of cert providers due to reliance on deals with certain monopolistic browsers, slowwww responses) but it has become a mainstay of secure communications for people who understand it (unlike my wife, who despite a BS in chemical anthropology believes that submitting her credit card via SSL over WEP 802.11b means a guy with a ham radio can read her number, so she places orders via cordless phone instead). Mail hasn't significantly changed in ten years...maybe it's time for smail!

  • New approach (Score:2, Insightful)

    by Rupert ( 28001 ) on Friday July 12, 2002 @01:11PM (#3871763) Homepage Journal
    Maybe we could get a mainstream news source to report that terrorists are using spam to communicate with each other. That would get it banned instantly.

  • Re:Network Solutions, One domain per user? (Score:1, Insightful)

    by Anonymous Coward on Friday July 12, 2002 @01:11PM (#3871768)
    I used to do this but stopped for one reason: Especially when registering online, I don't want to give out more information about me than what they already have or require. A mail address with your own domain gives them your full address, backup email address and phonenumber (depends on the registry). These pieces of information are probably not harvested right now, but they definitely could be. Since most users who use this scheme have their mailserver in catch-all mode, some software could also check for the service name and remove it before selling the address. To make this really failsafe, you would have to generate random addresses, put them in a database together with the associated service name and reject mails to addresses which are not in the database.

  • false positives don't affect me...much... (Score:2, Insightful)

    by mddevice ( 74422 ) on Friday July 12, 2002 @01:41PM (#3871971)
    I personally check my spam folder many times a day, so it's no big deal if I get a false positive from spamassassin. "But what's the point in a spam filter at all if you check it all the time", you ask? For me, the annoyance of spam is getting interrupted by the delicate chimes that announce your new mail, and then racing excitedly to your mail app only to discover that a HOT TEEN is waiting for YOU! I don't mind sorting my spam folder, so long as it's on my time and not interrupting something important. I usually do it anytime I get any legitimate mail, so it's rare that there's more than 1 or 2 emails in the folder. A false positive will usually just result in delaying me from reading someone's mail for a few hours.

    If I got so much spam that this system became unwieldy, I would probably set up several spam folders corresponding to the spam level assigned by spamassassin. Anything between 2-5 would go in a folder that I check whenever I get a real email, because a false positive is almost guaranteed to be below 5. Anything over 5 is pretty much guaranteed to be legitimate spam, and I would check that every few days. I don't do this, however, because I simply don't get the 100+ spam emails a day that the ./ editors claim.

  • spamcop.net thoughts. (Score:2, Insightful)

    by joeldg ( 518249 ) on Friday July 12, 2002 @02:08PM (#3872151) Homepage
    Buy a new domain. Start receiving 60 spams per day on each email, even though you have not posted them anywhere yet. Start reporting them to spamcop.net for some reason spamcop decides that it is a good idea to check the box next to *your* service providers name automatically. Sends report to my service provider. My service provider in getting so many of these all the time, don't bother to look at them and realize I am the one reporting this crap. My domain hosting is turned off without warning or even an email explaination of why. Total time.. one week. On a bright note, I talked with them and they went and looked a the reports and realized the error and turned my account back on within one hour. But still.. this should *not* have happened.. Yea.. Collateral damage (to myself)

  • Do you punish the innocent to get at the guilty (Score:4, Insightful)

    by btempleton ( 149110 ) on Friday July 12, 2002 @05:01PM (#3873481) Homepage
    What amazes me about the spam fight is how much it has led people to promote the idea of punishing the innocent in order to get at the guilty.

    People who would have fought with vigour against punishing the innocent in other fields seem willing to give it up, in of all places, the free speech question of who can email whom.

    Yikes. We are willing to let murderers go to make sure we don't punish the innocent. Yet for some reason spam makes people think it's OK to trample on the free speech rights of the innocent to get not a murderer, but a spammer. I hate spammers as much as anybody -- I get 120 per day -- but let's keep them in perspective.

    The most common justification is the canard that it's not about speech it's about property. Problem is all use of the internet involves using somebody else's property. On the internet there is no speech without the use of other people's property, and thus no unsolicited communication without the unsolicited use of somebody else's property. This makes it very tough to solve by thinking of it as a property issue.

    There are other, better methods that don't generate false positives or generate extremely few. I've written extensively on them.

Slashdot Top Deals

Suggest you just sit there and wait till life gets easier.

Close