Collateral Damage in the Spam War 375
MarkedMan writes "The link points to a well researched article on Spam lists and those innocently appended to them. I have seen this myself with MailWasher. A posting will come through as potential spam, with the the bounce already red-flagged, but it is actually from a legitimate source. Only happens once or twice a month but still cause for worry.
" I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there.
Klez virus and spam (Score:3, Interesting)
Since the Klez virus can be sent as if it was from your email address even when it has not come from your computer, is it possible that you could get put on a antiSPAM list because someone else has got the Klez virus?
Concept for Fighting Spam... (Score:3, Interesting)
The automatic reply stated that djb recieves an enourmous amount of mail, spam, and technical support inquiries. If I really wanted to e-mail him, the letter went on, I would have to reply to the automatic reply and copy in a 12 digit code which the automatic reply included.
I did that, and then recieved a 2nd automatic reply, stating that the code I entered was correct, and that djb would recieve my mail.
I imagine that a mail system setup in that regard would be the most potent weapon a mail server could utilize against spam!
The mail server could keep a database of known senders who entered the code correctly, and thereafter automatically accept their 'friendly' e-mail.
I forsee a potential abuses for this though. Annoying "spam bots" could learn to decipher the first automatic reply containing the code and then automatically send the spam, and contain the code which will allow the mail server to recieve the mail.
I would ask that if anyone knows how to install/administer the add on to qmail which performs this to please let me know! I recieve a tonne of spam, and becuase I get everything sent to the domain 'dmarien.com', I'll sometimes get upwards of 100/day.
Also, if anyone has a qmail server setup in this manner please let me know how satisfied they are with it's performance, and whether they get complaints -- and even if spam get's through -- i'd love to know.
Thanks!
Re:Sometimes "collateral damage" is intentional (Score:2, Interesting)
Collateral Damage with snail-mail junk mail? (Score:3, Interesting)
TMDA (Score:5, Interesting)
------
I highly recommend using TMDA [sf.net] on your mail server to defeat SPAM. It works by maintaining a whitelist of valid senders. If someone emails you and they are not in the whitelist, then they receive a confirmation request email. They must reply to it in order to be added to the whitelist (at which point, TMDA will deliver their original message, and allow all new ones to pass through). No having to report SPAMs, no worry of maintaining a never ending blacklist. No blocking of entire domains, no having to "sort through the spam periodically". TMDA does it all for you, putting a minor inconvenience on first-time senders.
The end result is that I get no SPAM. Zero, zlich, nada, not one -- with no effort on my part.
I believe there are other packages out there similar to TMDA that you may want to try. Regardless, I'm convinced that a whitelist-centric strategy is the way to beat SPAM.
Note: You still must take into account mailinglists or other situations where you are going to receive mail from an unknown source that won't be able to process the confirm request (such as some online purchase confirmation), and this is where qmail aliases can come in handy. Ie, justin-linux, justin-sears, etc, and just throw them away if you ever get SPAM. TMDA even has some features to help with this, such as hash-generated addresses that self-destruct after a period of time.
Still, for all other purposes you can keep your normal address. No need for SPAM armoring ever again
-Justin
Qmail (Score:3, Interesting)
Your mail server has to know who it is supposed to be delivering the mail to, and in most cases this is made available to mail filters in one form or another. Of course, if you're filtering it on the client side after it's been delivered to your mail box, you may be out of luck. (I've always been of the opinion that filtering should be on the server side, for this and other reasons, but people make do with what they can get.)
Yes, you're dreaming. (Score:5, Interesting)
I'm dreaming of course.
Yes, you're dreaming.
About one in 100 (somewhere between 1 in 50 and one in 200) people in the general population is a psychopath. This is a (set of?) brain disfunction(s) that amounts to "no conscience". (Think "colorblind" but with respect to harm-to-others. But it's not known yet whether it's genetic, foetal insult, or what.) Additionally there are "sociopaths" - similar symptoms but as a result of training and social factors rather than an organic problem.
Some fraction of these people learn a moral, ethical, or legal code to compensate for their affliction. They can become honest, productive, and/or beneficial citizens. In some positions (such as political or military leadership or business administration) they can even excell, because their judgement about actions that will hurt other people is not as biased by immediate emotional concern. But many do not learn a code (or learn a defective one). From these come the bulk of the criminals, scam artists, tyrants, white-collar crooks, and so on.
In the absense of compensation a psychopath will be looking out solely for number one. It's not well correlated with intelligence - some are stupid, some very smart. A significant number will be able to handle spamming tools, and be willing to go for the immediate benefit to them (even if it's small), regardless of the damage to others or even long-term consequences.
Yes, Virgina, there ARE evil people.
Much of the social and legal institutions of all civilizations are dedicated to the problem of this small-but-effective population of psychopaths. In particular, legal systems exist to give them a set of rules to live by, a set of personal bad consequences for violating them (so acts that harm the law-abiding become bad for "number one"), and to remove from circulation those who just don't get it.
Short of genocide against psychopaths we will continue to have a plague of spammers for at least as long as people think there's money to be made (or fun to be had) and it won't get you busted.
Fun with AI (Score:1, Interesting)
--- Brian
Collateral damage is a benefit (Score:5, Interesting)
Absolutely. Without pitting customers of ISPs against each other, i.e., the legitimate ones against the spammers, the ISPs will be happy to serve both. I'd suggest that if an ISP allows any spamming, block it -- wholesale. Either you have an agressive policy against SPAM or you lose your privilege to send mail to my servers. Your customers don't like it? Tough. Make your network spam-unfriendly.
The last thing the ISPs want is for their regular customers to be aware that they are allowing spammers to use their network. It's kind of like the phone company selling caller ID block to telemarketers and caller ID and privacy manager to residential customers. If the spam blacklists cause users to confront the reality that their ISP is knowingly hosting spammers or not bothering to monitor people sending out 10e+06 emails at a time, then they might just demand that their ISP get out of the spam business. Because unlike (most) telcos, ISPs don't have monopolies, and customers can switch.
Sign your mail! (Score:2, Interesting)
Think of a real world companies mailroom. Say it's a big company that gets thousands of letters each day. Some of it is business related and is important, some 'thank you's and 'well done's from customers, some 'your stuff sucks' also from customers and lots and lots of junk/spam/flame that is only good for recycling.
Sorting out all the mail takes time, so how do you make sure that the legit mail gets to you quick and the Spam stays in the Spam basket? Well you send registered mail. See, we know that certain mail is important when someone takes the trouble to take it to the post office and register it and pay more for it's delivery or call a courier to do the same. It's all barcoded so we can scan it, see who it's from and build a "trusted" mail list and rush it through.
Sound familiar? You bet! But the trouble is almost nobody beliefs in PGP signing their e-mail. All our mail programs can do it, but we just don't. Imagine, if it were that every piece of mail sent is signed, all we need is a simple filter to see what is spam and sort it out, dead on, with no legit mail getting junked.
Long Live /etc/aliases (Score:4, Interesting)
ebay: me
then save, and run "newaliases"
on the web form for ebay, then type in:
ebay@mydomain.net
Why hasn't email protocol been changed? (Score:3, Interesting)
Perhaps its time to write a completely new email protocol that supports these features.
I don't think it's so much to ask that when an email header says its from joe_blow@yahoo.com that it really is from that address. I understand that this would cause anonymous email to be impossible, but it should be the recipient's choice as to whether they want to use an email protocol that allows spam and anonymous mail or not.
No wonder they're complaining... (Score:3, Interesting)
btinternet is complaining about getting blocked because they don't bother to nuke their spammers. CNET doesn't verify e-mailed subscriptions, so just about anyone can sign someone else up.
Is it any wonder that they're complaining about being blocked?
"Well-researched" my ass.
Re:Network Solutions, One domain per user? (Score:4, Interesting)
Even honest companies are a problem -- i do the same trick you do, and about a year ago, i started getting porn spam to the address i used only at 1800flowers.com. They swore they didn't give it to anyone, and i believe them.
What i'm sure happened is this: Some DBA, or some temp, or whatever, did a one-line SQL query to pull out every email address in their database, and then sold that list.
So even if you trust the company to not sell your address, it just takes one bad employee to screw you over.
Of course, their database also has my credit card, so the same DBA could have run off with that. So far, i haven't had any fraudulent charges. But that's what you gotta read over every single charge on your credit card bill, every single money.
Re:Network Solutions, One domain per user? (Score:5, Interesting)
Spammers always seem to be coming up with newer and better ways to thwart our attempts to avoid them. But do the people who go to such lengths to avoid spam EVER buy anything from spammers? EVER?
I always hear "Spam works because people like your grandmother buy stuff from them, and if they get one sale, that makes it worthwhile." To which I respond, "My grandmother's alive?!" But crawling for *AT*DOT* isn't going to catch such un-tech-savvy people. Those people are going to leave their addresses unencrypted.
So let me pose this question: has spam become less a means of advertising than an all-out war, with nothing at stake other than showing that you can beat the other side?