The Measured Effectiveness of Blocking Asian Spam
fadden writes: "I recently started blocking IP addresses in China and Korea that were sending me spam. Instead of a blanket ban, I only blocked the subnets from which spam was being sent. After my first week of scanning and banning, I wrote up a report on the effectiveness of the blocks."
In related news, SSKennel adds that: "The U.S. Federal Trade Commission has discovered (prepare to be amazed!) that revealing your email address in chat rooms can get you spammed. It claims to have taken action against spammers who harvest email addresses and use them to send fraudulent spam." Shocker!
Fraudulent Spam? (Score:2, Insightful)
Re:Fraudulent Spam? (Score:3, Funny)
Re:Fraudulent Spam? (Score:2)
Re:Fraudulent Spam? (Score:5, Informative)
They send email directly from their own systems to your mailbox. They do not fake their headers, use open relays, hijacked proxies or root'ed boxes of other people to send out their messages. They generally have contracts with their ISPs to not cancel their connectivity as long as they have some type of proof, no matter how vague, that the mail *might* be considered opt-in (and as long as the complaints aren't too frequent). These people do listwash their own lists, if only to stop spamming people who actually complain about it, and also to show to their ISPs that they have an effective opt-out system. Their spam is annoying, but currently legal.
Fraudulent spam, on the other hand, is completely different. These are the people that hijack other people's machines to do the dirty work, rape open relays and consume all of their bandwidth during spam runs, actively probe for open relays and proxies, forge everything they can in the headers, study SpamAssassin and other filters in an attempt to craft messages that don't "look" like spam. These are the people that use their opt-out lists as a source of revenue (by selling the names to other spammers), and will frequently joe-job spam activists and others who complain too loudly and to the wrong people...
The first type of spammer sends out insurance offers, cell phones ads, inkjet ads and such. The second type sends out virus/trojan laden messages, porno by the bucketload, ads for illegal drugs, etc.
Both types of spam are annoying, but the "fraudulent" type is much more so because of its immoral content (and anyone who thinks that sending pornographic images to children isn't immoral should quietly remove themselves from the gene pool) and also because of the theft of services (bandwidth, hard drive space, etc.) from the relays and proxies that they abuse.
Epiphany (Score:5, Funny)
A resounding DUH arises from the competent computer users of the world.
Re:Epiphany (Score:5, Insightful)
One person's "common sense" is another person's "mystery of the unknown."
Or, to put it another way...... (Score:5, Insightful)
Re:Epiphany (Score:5, Insightful)
Most casual users probably don't even consider the possibility of their address being harvested from other places, such as chat rooms.
Re:Epiphany (Score:4, Insightful)
I don't believe this. They have to know. Common sense should tell anyone that if you give someone else your information, they will be able to record that information; doesn't matter if it's credit card number, e-mail address, social security number, or mother's maiden name. If they do know enough not to give out their mailing address, SSN, and mother's maiden name to complete strangers online, then they should treat their e-mail addresses no differently.
Now, you may say that giving out SSN is more dangerous than giving out e-mail, but mere knowledge of this fact by any user proves their awareness of their actions.
Re:Epiphany (Score:5, Interesting)
Also, people tend to be a lot more paranoid about protecting their SSN, mailing address, etc than they are about their email. An email is a fairly disposable thing, and there is little threat perceived with it being public knowledge. A SSN or brick-and-mortar address is quite another thing.
Comment removed (Score:5, Interesting)
Government will announce next.. (Score:5, Funny)
Re:Government will announce next.. (Score:5, Funny)
Re:Government will announce next.. (Score:5, Funny)
obSimpsons (Score:5, Funny)
--Homer
Re:Government will announce next.. (Score:5, Funny)
Um, more like 200 million. Don't forget the study has to be done in both official languages.
Re:Government will announce next.. (Score:2, Funny)
Re:Government will announce next.. (Score:5, Funny)
I'd say something (Score:5, Funny)
Re:I'd say something (Score:4, Interesting)
Re:I'd say something (Score:5, Funny)
Auto-checked by Trillian to keep it alive...free
Never Given it out.....free
# of Spam Received to date: 654
Finding out over 1/4 was from MSN...priceless.
Yo Grark
- Canadian Bred with American Buttering.
Re:I'd say something (Score:4, Insightful)
Do you really think that if I register afsradoij294@hotmail.com that I won't get any spam? I'd bet you a large sum of money I'd get some in the first few days.
I guess I'll find out.
Re:I'd say something (Score:3, Funny)
signing guest books with your real e-mail address will get you spammed, using AOL will get you spammed, using hotmail....
Makes it sound a bit like cancer doesn't it?
Your tax dollars at work (Score:2, Funny)
Blocking subnets? Use SPEWS. (Score:5, Informative)
Re:Blocking subnets? Use SPEWS. (Score:5, Insightful)
Re:Blocking subnets? Use SPEWS. (Score:3, Interesting)
Re:Blocking subnets? Use SPEWS. (Score:5, Informative)
There is no way to get off of the SPEWS blacklist, and if they black your entire NSP for one of the NSP's customers... tough luck for you. You can post to a usenet group and beg, and they won't do anything other than tell you to break your legal contract and go elsewhere. 20 people will harass you, and you can't even know which one to listen to.
SPEWS can rot in hell. A properly configured SpamAssassin will block 98% of spam and have 0.01% false positives (I haven't gotten one false positive in a year, but I will someday).
SPEWS is NOT how one prevents spam. SPEWS is how one pisses off the people trying to mail them.
I can't stress enough how much I hate SPEWS and how much it should die.
Please, please don't support SPEWS. I beg you.
Re:Blocking subnets? Use SPEWS. (Score:3, Interesting)
By sending spammers a "500" level error, some will actually remove you from their list. By accepting the mail (SpamAssassin) you basically confirm that the mail address is deliverable.
I don't personally use any SPEWS-like service, just my own private blacklist which helps reduce the amount of crap that SpamAssassin has to go through.
I have found SpamAssassin to only be about 90% effective. If I crank up the settings, I start getting false positives on a regular basis.
Re:Blocking subnets? Use SPEWS. (Score:4, Informative)
Granted, you tend to have to run your own mail server to do this, but hey...
Re:Blocking subnets? Use SPEWS. (Score:3, Interesting)
Your ISP sold you connectivity with a reasonable expectation of functionality. If half of the internet is blocking that connectivity and it can be demonstrated that the blocking is being done because of your ISP's tolerance of criminals, blame your ISP. Complain to them, tell them that you won't pay for service that is less than adequate as a result of their actions.
How I block Korean spam (Score:5, Informative)
On the other hand, 15 or so spams a day (in a language I don't even understand) every day is a major waste of bandwidth, and as irritating as hell.
What can we do about this nuisance?
Re:How I block Korean spam (Score:5, Insightful)
A much more reliable approach is the "pattern matching/scoring" technique a few pieces of software out there use. I've been using SpamAssassin for a while now, though (too lazy for a link
Re:How I block Korean spam (Score:2)
I wonder how easy it would be to set kmail to answer those emails with a "HTML format email rejected" message? Those who could get a clue would learn from this, all others I don't care about, anyhow...
Re:How I block Korean spam (Score:2)
HTML email isn't evil by itself, and isn't used exclusively by spammers, making the solution of filtering all HTML email a heavyhanded one at best.
Re:How I block Korean spam (Score:2, Informative)
Hmmm, beg to differ. Does your company enforce Lotus Notes 4.6 client?
Re:How I block Korean spam (Score:2)
I'm not saying it's perfect - text is certainly much more simple, and serves the purpose for just about everything you want to do. However, there are times that HTML has legitimate use, and it would be a shame to kill a feature just because it has the ability to be misused.
Re:How I block Korean spam (Score:5, Informative)
They can always go up to the menu bar and change it if they suddenly decide they need to send HTML emails.
By the way, I really, seriously, very strongly doubt that HTML mail format is necessary for your marketing group or whatever. I find it exceptionally unlikely that they are WRITING EMAIL IN HTML and that this is a core competency of your sales dogma. Most likely they are attaching files to email, which works fine with plain text.
HTML email actually IS evil. There's completely no point to it. And in fact it's part of the spam problem: Let's say a HTML email contains a ref to some JPG somewhere. You read the (spam) HTML email, your 'puter downloads the JPG. Congratulations, now the spammer can check his web logs and determine how many people got the message! If s/he's really crafty, you could even tell which recipients got it by cross-indexing the HTTP GET request with the virtual file name you've set up like 01010012001012712.jpg -> sucker1001@hotmail.com. Now you put that name on your "known good accounts" list and sell it.
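The image-beacon mechanism described in the comment above, seen from the receiving side: this added example (not part of the original thread) parses a message, renames every attribute that would make a mail client fetch a remote resource, and reports which of those URLs appear to carry a per-recipient token. The sample message, the names `BeaconBlocker` and `defang_message`, and the token heuristic are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes a mail client fetches automatically when it renders the message.
FETCH_ATTRS = {"img": "src", "iframe": "src", "embed": "src", "link": "href",
               "body": "background", "table": "background", "td": "background"}
# Assumed heuristic: a long digit/hex run or an address after the host part
# looks like a per-recipient token such as 01010012001012712.jpg.
TOKEN_RE = re.compile(r"[0-9a-f]{12,}|@|%40", re.IGNORECASE)


def is_remote(url):
    """True when rendering this URL would cause a network request."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return True  # unparseable: treat as remote and block it
    return parts.scheme in ("http", "https") or (not parts.scheme and bool(parts.netloc))


def looks_per_recipient(url):
    """True when the path or query (not the host) carries a token-like value."""
    after_host = url.split("//", 1)[-1].partition("/")[2]
    return bool(TOKEN_RE.search(after_host))


class BeaconBlocker(HTMLParser):
    """Re-emits HTML with remote-fetch attributes renamed so nothing loads."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.blocked = []   # (tag, url, looks_per_recipient)
        self._skip = 0      # non-zero while inside <script>/<style>, which are dropped

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
            return
        if self._skip:
            return
        rendered = [tag]
        for name, value in attrs:
            if value is None:           # bare attribute such as "nowrap"
                rendered.append(name)
                continue
            if name == FETCH_ATTRS.get(tag) and is_remote(value):
                self.blocked.append((tag, value, looks_per_recipient(value)))
                name = "data-blocked-" + name
            rendered.append('%s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<" + " ".join(rendered) + ">")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)    # emit <img ...> without a stray </img>

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif not self._skip:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data, quote=False))


def defang_message(raw_message):
    """Return (safe_html_parts, blocked) for one RFC 5322 message string."""
    msg = message_from_string(raw_message, policy=default)
    safe_parts, blocked = [], []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        blocker = BeaconBlocker()
        blocker.feed(part.get_content())
        blocker.close()
        safe_parts.append("".join(blocker.out))
        blocked.extend(blocker.blocked)
    return safe_parts, blocked


# Constructed sample message (not real traffic).
SAMPLE = """\
From: "Offers" <offers@example.net>
To: reader@example.org
Subject: Constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Great deals &amp; more</p>
<img src="http://tracker.example.net/img/01010012001012712.jpg" width="1" height="1">
<img src="cid:logo@example.net" alt="logo">
<a href="http://shop.example.net/">visit</a>
</body></html>
"""

if __name__ == "__main__":
    parts, blocked = defang_message(SAMPLE)
    for tag, url, tracked in blocked:
        print("blocked <%s> %s per-recipient=%s" % (tag, url, tracked))
    print(parts[0])
```

Remote references made from CSS (`url(...)` inside a `style` attribute) are not covered by this block; ordinary links and `cid:` images embedded in the message are left untouched because they trigger no fetch on display.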
A cure for HTML spam... (Score:4, Informative)
Re:How I block Korean spam (Score:5, Informative)
:0 f
* ^Content-type: text/html
* ! html; charset=
* ! from hotmail
| ${FORMAIL} -A"X-Spammers: text/html only message"
The above has *NEVER* given me a false positive in over 9 months of use.
Also, I use 3 rules that block Fake Netscape/Hotmail/Yahoo e-mails. Basically, if the e-mail has a from address from either of those but isn't really from their servers they get tossed as well.
# hotmail-specific
:0
* ^(From|Return-Path):.+@hotmail\.com
{
  # genuine Hotmail headers present: leave the message alone
  :0
  * ^From: ".+" <[a-z0-9_.-]+@hotmail\.com>
  * ^X-OriginalArrivalTime:
  * ^X-Originating-IP: \[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+]
  * ^Received: from hotmail.com \(\/...
  * $ ^Message-ID: <${MATCH}.+@hotmail\.com>
  { }
  # otherwise tag the message as forged
  :0 Ef
  | formail -A "X-Spammers: fake hotmail"
}
# yahoo-specific
:0
* ^(From|Return-Path):.+@yahoo\.[a-z]+
{
  # genuine Yahoo headers present: leave the message alone
  :0
  * ^Message-ID: <([0-9.]+\.qmail|[0-9]+\.[0-9A-Z]+)@\/[a-z0-9-]+\
  * $ ^Received: from
  { }
  # otherwise tag the message as forged
  :0 Ef
  | formail -A "X-Spammers: fake yahoo"
}
# netscape-specific
:0
* ^(From|Return-Path):.+@netscape\.
{
  # genuine Netscape headers present: leave the message alone
  :0
  * ^X-Mailer: Atlas
  * ^Received: from +netscape.*MAILIN
  * ^Return-Path: <\/[a-z0-9_.-]+@netscape\.[a-z.]+
  * $ ^From:.*$MATCH
  * $ ^Received: from $MATCH.*by [a-z0-9.-]+\.aol\.com
  * ^Message-ID: <[a-z0-9]+\.[a-z0-9]+\.[a-z0-9]+@netscape\.[a-z.]
  { }
  # otherwise tag the message as forged
  :0 Ef
  | formail -A "X-Spammers: fake netscape"
}
Those 4 rules save me a big headache.
Large-scale SpamAssassin installations (Score:4, Insightful)
Au contraire, if you're clever about it, SpamAssassin works great in large-scale operations. In conjunction with MIMEDefang [roaringpenguin.com], people use SpamAssassin to scan a lot of mail -- over 1 million messages/day in two sites I know of.
Re:How I block Korean spam (Score:4, Informative)
Re:How I block Korean spam (Score:4, Informative)
I use addresses like amazon_spam@yourdomain.com
That way I can tell for SURE where it came from. Plus I filter based on _spam in the To: field.
How can I block American spam? (Score:5, Interesting)
The /. crowd always seems to be talking about how huge the Asian spam problem is. So as an experiment, I've been keeping my spam in a separate folder for a few months, and less than 3% of it is Asian in origin (counted by relay server used AND the spammer itself). Over 70% of it, originates in the USA, and are mostly USA cons/scams/pseudo-products etc (diplomas, anti-spam software, spam software, porn sites, "hot stock investment advice newsletters", "work at home", MLM etc, "lose weight", search engine 'promote your website' offers etc).
Why the discrepancy, am I just an outlier, or are slashdotters exaggerating the non-US-originating spam problem in relation to the US-originating spam problem?
Re:How can I block American spam? (Score:2)
Maybe I just post my email address in the wrong chatrooms.
Re:How can I block American spam? (Score:2, Interesting)
Perhaps it has a lot to do with where you 'leave' your email address. Much of my spam is addressed to email addresses that were almost certainly harvested off websites I maintained or have maintained (a company website and a personal website, both .com domains), or off websites (such as forums) which my email address ended up on. With some of it it's obvious it's been sold by a company that has my email address (I also tend to sometimes create very specific email addresses that I use only for registering at individual companies .. most of the companies, fortunately, seem to be well behaved). Chatrooms, I don't use.
Re:How can I block American spam? (Score:2)
The bit about the chatroom was a joke. I don't really use 'em, either.
Asia regrets omission and will make best effort (Score:5, Funny)
Regards,
joe
P.S. Add your friends to the list also! You don't want them missing out too, do you?
Re:How can I block American spam? (Score:3, Interesting)
I count it as "Asian in origin" if ANYTHING on it is Asian (China, Korea, Taiwan etc) in any way, e.g. if it went through an Asian relay server, or if the company spamming me is Asian, or the source email address looks Asian (e.g. chinese or korean suffix) etc, or the referred to website looks Asian. The small bit of Asian spam I have gotten was very obviously from China, they were openly Chinese companies selling openly Chinese products.
Much of my spam is very clearly from the US, and almost all of it is decidedly non-Asian. For most of it, all servers listed in the headers are in the USA, the products or pseudo-products they are selling are being sold out of the USA, the websites being advertised are in the USA, and run by Americans. If it's a "hot stock investment advice newsletter" it's for a company in the USA. Usually any phone numbers listed are USA phone numbers. Prices are in US$, and in the case of cons like MLM and "work from home" it's also usually in US$ (yes I know that doesn't mean anything by itself, but it's usually accompanied by other indicators, such as addresses/phone numbers). The text of the email also often indicates that whatever they are marketing, they are marketing at Americans *only* (e.g. they mention/offer things that are only valid in the USA, e.g. things that relate to the American tax system or voting system or American politics, or various other elements of American social infrastructure, or places in the US).
I suppose I shouldn't spend so much time analyzing my spam, but it bugs me that the country that seems to be pointing the most fingers is also (at least in MY mailbox) by far the biggest culprit. Just wanted to know if other people's experiences are similar.
Re:How I block Korean spam (Score:2)
Re:How I block Korean spam (Score:3, Informative)
If From contains "hanmail.net" (case sensitive)
then deliver to Trash
If From contains ".co.kr"
then deliver to Trash
(here comes the trick)
If Body contains "charset=KS_C_5601-1987"
then deliver to Trash
If Body contains "charset="ISO-2022-KR""
then deliver to Trash
(most funny is)
If Subject contains "!!!!"
then deliver to Trash
Yes, guess what? that 4 exclamation mark saves me from many spams! not a joke, they love 4 exclamation marks.
Let me tell you the amazing part, it's a webmail filter, I can't do more, to block IP subnets, I need to root Yahoo
I feedbacked to Yahoo and asked if they get any financial etc goods from those well known 2 damn companies... No reply. I kinda know them now. They are 2 huge ISP's, they are knowing the problem but they don't do anything about it.
If we lived in a good, ethical world, Yahoo pros knowing this thing would mail to them and those a$$holes wouldn't dare to ignore Yahoo giant as they do to us, end users. Like. "Close your port 25 for individuals _now_ or we will block all the mails sent to our customers/users effective 1 week from now on". If I paid $25 for my mailbox, I'd still get that crap, can you believe?
Go to http://www.spamcop.net and check "top spammers", hanmail and kornet, always there!..
SPAM (TM), wonderful SPAM (TM) (Score:2, Funny)
Proper Trademark Use Guidelines.
Please Do:
Always put the trademark SPAM in all capital letters.
Follow SPAM with "Luncheon Meat" or other descriptor. Remember, a trademark is a formal adjective and as such, should always be followed by a noun.
Asian Spam??????? (Score:5, Funny)
And AS for effectiveness! That stuff works all the TIME.
Re:Asian Spam??????? (Score:3, Funny)
And sorority web cam initiation spam!
Oh yeah! Clicky clicky!!!
Do they have a response email address? (Score:4, Funny)
Re:Do they have a response email address? (Score:2)
http://segfault.org/stories/3769269e-08996da0.h
Re:Do they have a response email address? (Score:2, Funny)
blocking ip's isn't enough (Score:4, Interesting)
Good point about the pig singing. While Comcast is extremely unhelpful (bordering on incompetent), foreign ISP's don't face any accountability. There's no decent legal recourse. So blocking the IP is the simplest route.
Has anyone else seen a significant amount of spam from Brazil? Where is the onslaught of OSS Bayesian filters?
Re:blocking ip's isn't enough (Score:5, Informative)
Re:blocking ip's isn't enough (Score:4, Informative)
I believe they also have a POP3 proxy and an SMTP proxy is on its way. The automation for these is not quite so refined, however.
sigh (Score:3, Insightful)
That's okay. They're used to it. [epnworld-reporter.com]
Ode to spam (Score:2)
Before I knew it, my mailbox was full
The emails were just a bunch of bull.
Why or why do I get this spam?
I don't even like the canned stuff,
That's just a bunch of fluff.
I need to stop handing out my email.
Chat rooms are too common of a place,
to see my email all in lower case.
Please tell me why I receive spam.
Is it because I give it out?
Or how do the sites get it when I roam about?
O why, O why, do I receive so much spam?
Argentinian Spam (Score:3, Interesting)
I get about 10 spams a week now from Argentina. Normal spam is bad enough, but I can't even understand what it is they are supposed to be selling. How silly is that. For the life of me, I can't work out where they could have got my address from. I've never had anything at all to do with Argentina.
Bemused!
Asian Pacific network (Score:5, Informative)
How well does this work? Extremely well. I've gone from receiving 20 pieces of SPAM a day to only 1 or 2 (which SpamAssassin [spamassassin.org] typically catches). I realize that this method won't work for everyone, but it has worked out quite well for me.
Re:Asian Pacific network (Score:4, Insightful)
So that's why American ISPs ignore me when I complain about the spam they send to me in Hong Kong.
Speaking of exposed email... (Score:5, Interesting)
Revealing your email address on Slashdot can get you spammed. You may have noticed my sig says "Sig: I'm performing an experiment on the origination of SPAM, don't email me.". What I did was I set up a junkmail box and pointed my Slashdot email address at it. The only place this address has ever been made available is in my user address that is displayed whenever I comment. When this address is e-mailed, it automatically responds with "thanks for the unsolicited mail!" I don't read the messages unless somebody responds to it.
What prompted me to do this was the 'armor plate your email address' feature in my user settings here on Slashdot. It made me curious if having my e-mail address viewable in the comments I make would mean I'd receive lots of Spam. My curiosity is satisfied: You can get a good deal of SPAM if you don't use the 'armor plating'.
You know what? They don't just look for e-mail addresses to send mail to. They also use the e-mail addresses as reply-to addresses. I found this out when I got an email from a guy who was puzzled by my auto-responder emailing him. It turns out that somebody sent a message to me and used his address as a reply-to address. Weird, Iddn't it? Fortunately he was very nice and we got that all settled, but it is a little disconcerting that the addresses are used in ways like that.
When I first started this experiment, I responded to the messages I got. I accused one guy of harvesting my address without really reading what the message said. Turns out, the guy ran a mailing list for local (to him) volunteer firefighters announcing a meeting. This wasn't the type of event that somebody would 'direct market'. Heh. Evidently, somebody volunteered my user address only displayed on Slashdot to his list. How weird is that?
I am extremely curious if anybody has any insight into the motivations of people who'd use email addresses in these ways. I can understand somebody using my email addie as a reply to address, but I have no explanation for why somebody'd volunteer me for a volunteer firefighter's list.
Re:Speaking of exposed email... (Score:2, Insightful)
BTW, I thought it very funny that the WSJ, in an article mentioned earlier, allowed the spammer to say they never forged headers while, at the same time, they admitted they did forge the 'from' field.
Re:Speaking of exposed email... (Score:2)
This might be due to the Klez virus or a variant. It forges the From address in email, using a random address from the victim's address book. So if someone has Alice and Bob in their address book and they get infected, they may send mail to Alice that claims to be from Bob. Here's a Wired article [wired.com] with more information.
Re:Speaking of exposed email... (Score:5, Funny)
Agreed. This e-mail address attached to this article is my 'spam account' so I clean it out once a week, but I do actually read legitimate messages.
"When I first started this experiment, I responded to the messages I got. I accused one guy of harvesting my address without really reading what the message said."
Hehe, I make a point of responding to those Nigerian scammers. I tell them my name is James Kirk, phone number is 202-406-5850 and fax number is 202-406-5031. (Yes, the name was inspired by the haxial.org thing.) The zinger here is that those phone and fax numbers correspond to the US Secret Service Electronic Crimes branch!
I actually got a few of those scammers to phone the number. One guy was furious and demanded an apology. Another e-mailed me back and told me that the woman said there was no "James Kirk" there. I got at least 2 of them to fax their financial documents over there. Heh.
Cloudmark - Outlook 2k/XP users (Score:5, Informative)
Re:Cloudmark - Outlook 2k/XP users (Score:5, Informative)
Suing SPAM companies? (Score:5, Interesting)
I've invested significant money some years back in a domain name so that I could give my clients and friends an easy to remember, unique email address. I consider it a significant investment, because it looks good on a CV, business card, or letterhead, is easy to remember, and it cost me time and money to establish it.
However, a number of spam companies have picked up on my email addresses at that domain, and have distributed it on a number of those umpteen-million address CDs sold to other spammers. I receive over 100 unsolicited emails a day. Now, I try to filter them with software filters, but due to the hit-and-miss nature of heuristic filters, legitimate mail is deleted on occasion.
The way I see it, my unique and expensive email address has been devalued by these spam companies, because the whole point of buying that domain name was so that I could use it publicly. If I have to keep it a secret to avoid spammers, it is worthless! I can't even use it as an example while writing this article, because it would be picked up by yet more spammers.
I wonder why nobody has tried suing along these grounds. Think about it: If some company had invested time, money, and effort into setting up a toll-free hotline for their customers and/or clients, but had the service ruined by telemarketers jamming the system with 100x more junk calls than the real calls the company receives, the next outgoing call would be to a lawyer!
Re:Suing SPAM companies? (Score:2, Troll)
OK it is a kinda lame analogy but all I could come up with and I think it gets my point across. What you have on the internet is a matter of PUBLIC information. You have no expectation of ultimate privacy in this regard. If you find a trick that works (at least for a little while) then lucky you but this trick is not IMO (& IANAL) legal grounds for prosecution. If you want complete anonymity and pure privacy try not using the internet or setup some VPN and use a private mail server with access only by those whom you allow in the VPN.
Also, I get spam I don't like it either.
Re:Suing SPAM companies? (Score:2)
I really don't think this will fly. Just because you've spent money on something, it doesn't mean that nobody else is allowed to do anything that will adversely affect your investment. You may just have made a bad investment.
E.g.: I buy an island and build a luxury resort specifically for celebrities to get away from paparazzi. Once I open it, the paparazzi start hanging out in boats off shore (a public area). I can't make them go away.
E.g. 2: I build a luxury apartment block next to an airport. I can't sue the airport to reduce noise just because I can't sell my apartments.
E.g. 3: I distribute movies on a medium that allows me to prevent people skipping the ads. Someone starts distributing programs that will play my movies while allowing the ads to be skipped. I can't sue them simply because this has an adverse effect on my advertising income.
E.g. 4: I spend lots of money building up a buggy-whip business...
O.K, looking back at this list, you *shouldn't* be able to sue in these cases.
asia is *not* the problem... (Score:2)
Me too... (Score:2)
My list is available at:
http://enthalpy.homelinux.org/spammers.txt [homelinux.org]
Fadden? (Score:2)
58. fadden 3000+ AUDIO Books on CD wrv
64. Information fadden
65. fadden this will help you look good and feel great
67. Money for fadden
What the hell is "fadden" ?
damn (Score:2, Funny)
Why not filter based on MIME type? (Score:2)
Funny story: a couple of months ago, I spent a week in China. The phone company runs a crazy-cheap Internet cafe in the Shanghai airport (the equivalent of about 5 USD per hour for a Windows machine with a T1 or something behind it.) I ssh'd back home (oops, was that illegal?) and out of habit, checked my spam folder. For the first time, I saw all the Chinese characters rendered correctly in the subject lines! It was amusing.
Just a note (Score:4, Insightful)
The spammers are outside of Asia, and simply target open relays wherever they find them.
The stats by the submitter show that most if not all the mail is in English. That should tell something about the true origin of the spam.
If the open relays were closed, the spammers would move to other hotbeds. Let's work to educate the admins in Asia, and force the spammers to back off using open relays.
Re:Just a note (Score:3, Insightful)
Unfortunately, it's been tried and has failed, numerous times. Email sent to admins in Asia is usually ignored (or perhaps misinterpreted?), and mailing their ISPs has no effect. When the whole 'craze' of blocking Chinese IPs started, there was a large controversy over the practice; many felt it immoral to blackhole a whole country, opting instead for education, but it was the experience of many admins that trying to educate or inform the Asian admins was a waste of time... much like trying to teach a pig to sing (It doesn't work, and annoys the pig). Hence the popularity of blacklisting Asian IPs.
Don't believe me? Try submitting some spam reports to Asian admins and their ISPs... let me know how it turns out... I warn you, however, that it's unpleasantly like bashing your head against a rough concrete wall.
Re:Just a note (Score:4, Interesting)
I'm trying for a pragmatic approach, and I would never suggest that simply sending an email or making a phone call would be helpful. The admins I talk to want to fix things, but until a focused effort is made to help them (docs in their languages, etc.), things won't change, I agree. Certainly complaining isn't going to help...and ignoring it isn't going to make it go away.
I'm working on it the best I can...one admin at a time
Re:Just a note (Score:3, Insightful)
Most of the open relays in China are Exchange server. Documentation for Exchange server is available in Chinese (not sure which dialects), Korean, and Japanese. The problem is, most of the deployed servers in China (and probably Korea, too, but I didn't really check there) are versions prior to Exchange 5.5. And those older versions, while they do have some settings to supposedly turn off relaying, do not completely turn it off, and spammers know how to exploit the relay holes.
The cause of the problem is that virtually all of these servers are running pirated copies of Exchange (and probably of Windows, too). It sure seems that, on average, the Chinese people are less concerned about theft (be it of your mail server bandwidth, or of commercial software) than westerners (Americans and Europeans) on average. Eastern European countries also have some of this problem. This seems to be a pattern that poorer countries are where it happens. Places like India, South American and Africa have less of it, but I think that is probably because there is virtually no internet connectivity outside of the big cities (this is changing quickly now in India and parts of South America), and so the deployment of mail servers and spammable bandwidth just isn't there yet. Expect new waves of spam from India over the next year or two, and from Africa after that (Much of the Nigerian money export scams really are originating from Europe and USA, not all from Nigeria, but this kind of thing doesn't need lots of bandwidth anyway, since it often uses Chinese and Korean open relays, anyway).
This is actually a missed opportunity for the Linux community. Given there are distributions of Linux specifically designed for various Asian languages, we should work to further promote this deployment. Not only will it help the spam problem because of defaults that don't open relay and readily available native language documentation, but it also gets Linux installed in more places, in one form or another.
Obligatory Literary Reference... (Score:2, Funny)
That spam Siam
I do not like that Siam spam!
With apologies to Theodore Geisel
Ultimate Anti-SPAM plan (Score:5, Interesting)
First off, the core of this system relies on whitelist-confirmation. This means that first time senders are given an auto-response email which must be "confirmed" in order for their message to deliver. Once they have done this, they are whitelisted, and all email from them passes through. TMDA [sf.net] is what I use for this job. I leave my email address "unarmored", because no spam can get through. When I check my mail in KMail, there is no spam.
However, all is not perfect. After many many months of using TMDA, I still find myself sifting through the "pending" folder on my mail server, which keeps hold of all the mails from unconfirmed senders. I generally do this every couple of weeks, and there are often at least one or two legitimate emails that were never confirmed. There are many possible reasons: 1) they thought the confirmation request was spam, so they deleted it (either manually or through an anti-spam filter). 2) they don't like the idea of having to do a stupid confirm (although no one has actually brought this up to me yet). 3) Maybe they use a reply-to or something weird that trips up TMDA (perhaps fixable or not..)
Anyway, the point is that legit emails aren't 100% getting through. The next consideration then, is to use a word-filter (and who knows, maybe TMDA does this too), to see if legit mails can be detected by their content. Maybe this could be done using a bayesian (sp?) filter, as recently discussed here, or perhaps SpamAssassin. Emails detected as legit would be delivered directly, and the sender would be auto-whitelisted. Ambiguous emails would go through the usual whitelist-confirmation procedure. This way, the word-filter never actually throws email away. It gives the sender a second chance, by sending it through the whitelist system.
This, I think, would solve the problem completely for me, as all of the legit mails that wind up unconfirmed would very much pass the legitimacy test (they mention a software project of mine, or something else very obvious). If this were in place, I could send my pending bin to
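The delivery flow proposed in the comment above, as an added Python sketch that is not part of the original post and is not TMDA's code. The `Gatekeeper` class, the demo secret, the keyword test standing in for a Bayesian or SpamAssassin score, and the HMAC-derived confirmation token are all assumptions made for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"        # assumption: a per-user secret
LEGIT_TERMS = {"myproject", "patch"}    # stand-in for a Bayesian/SpamAssassin score


class Gatekeeper:
    """Whitelist-confirmation where the content filter can only help delivery."""

    def __init__(self):
        self.whitelist = set()
        self.pending = {}               # sender -> held message bodies

    def token(self, sender):
        # The HMAC binds the token to one sender, so it cannot be guessed or reused.
        mac = hmac.new(SECRET, sender.lower().encode(), hashlib.sha256)
        return mac.hexdigest()[:16]

    def looks_legit(self, body):
        words = set(re.findall(r"[a-z0-9]+", body.lower()))
        return bool(words & LEGIT_TERMS)

    def receive(self, sender, body):
        sender = sender.lower()
        if sender in self.whitelist:
            return "deliver"
        if self.looks_legit(body):
            self.whitelist.add(sender)  # auto-whitelist on a confident match
            return "deliver"
        # Ambiguous mail is never discarded: it waits for confirmation.
        first = sender not in self.pending
        self.pending.setdefault(sender, []).append(body)
        # Challenge once per sender so forged senders are not mailed repeatedly.
        return "hold+challenge" if first else "hold"

    def confirm(self, sender, token):
        sender = sender.lower()
        expected = self.token(sender)
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return []
        self.whitelist.add(sender)
        return self.pending.pop(sender, [])   # release everything that was held
```
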
Obligatory OS X mail reminder (Score:3, Informative)
Still no one has an answer, what do we do about it (Score:3, Interesting)
So far to combat it, I've removed email addresses from all my sites and replaced them with a contact form and when I do absolutely have to show an email I obfuscate it pretty well using a combination of character encoding and javascript's document.write. (Browsers still work fine.)
I also have a catchall so anytime I order something or fill out any other online form I use "the domain I'm browsing"@mydomain.com, that way if they give it out I can tell.
The thing that sucks is that the innocent average internet user doesn't realize that if THEY give my address out, companies will collect and sell MY information, thus I was opted in to their list without my knowledge or consent.
That stupid crushlink site and the smiley t-shirt were the worst. I quickly blocked them at my server in hopes that they would think I didn't exist.
Re:Still no one has an answer, what do we do about (Score:4, Insightful)
I like to use the form me@"the domain I'm browsing".mydomain.com. That way if the address ever gets too inundated with spam, I can delete the DNS record for it and not even have to see the postmaster notifies for it. It also wastes a minimum of my bandwidth (1 DNS NACK packet vs. an entire SMTP conversation).
What about management? (Score:4, Insightful)
Seems like a big hassle on the management end.
How to get down to 0.0014%... (Score:4, Interesting)
1) IP-level blackholing of certain large subnets, as I like many others virtually never get any legitimate email from China or Korea, and many of the craftiest fake headers ride on brand new Chinese and Korean open relays. In case of emergency, people there can always use Yahoo or the likes - and I suspect many Chinese and Koreans who communicate with people abroad are already used to doing just that, as blackholing is becoming more and more widespread.
2) RBL's. I personally use bl.spamcop.net and relays.osirusoft.com. These catch 99.2% of "quasi-legitimate" spam, and about 65% of the open-relay spam not caught above.
3) Heuristic tagging via Spam Assassin/procmail/filters/etc as a last line of defense. I personally use a filter file that I edit pretty much every time a POS (piece of spam
This is obviously more aggressive than many people can afford to be, but it's a viable solution for someone with a low signal-to-noise ratio and a high irritability ratio.
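The three layers listed in the comment above (subnet block, RBL lookup, heuristic tagging), as an added Python example that is not part of the original post. The blocked ranges are constructed documentation networks, the resolver is an offline stand-in, and the score threshold of 5.0 is an assumption; only the two RBL zone names come from the comment.

```python
import ipaddress

# Constructed sample ranges (documentation networks, not real spam sources).
BLOCKED_NETS = [ipaddress.ip_network(n)
                for n in ("203.0.113.0/24", "198.51.100.128/25")]
DNSBL_ZONES = ["bl.spamcop.net", "relays.osirusoft.com"]  # named in the comment
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def in_blocked_subnet(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETS)


def dnsbl_name(ip, zone):
    """IPv4 DNSBL convention: reverse the octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def listed(ip, resolve):
    """resolve(name) returns an address string if the name exists, else None."""
    for zone in DNSBL_ZONES:
        answer = resolve(dnsbl_name(ip, zone))
        # A listing answers inside 127.0.0.0/8; any other answer (for example
        # a wildcarded or parked zone) is treated as "not listed".
        if answer and ipaddress.ip_address(answer) in LOOPBACK:
            return zone
    return None


def classify(ip, resolve, heuristic_score, threshold=5.0):
    """Apply the layers cheapest first; return (verdict, reason)."""
    if in_blocked_subnet(ip):
        return ("reject", "subnet")
    zone = listed(ip, resolve)
    if zone:
        return ("reject", "dnsbl:" + zone)
    if heuristic_score >= threshold:
        return ("tag", "heuristic")
    return ("accept", "clean")


# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {"7.2.0.192.bl.spamcop.net": "127.0.0.2"}


def fake_resolve(name):
    return FAKE_DNS.get(name)
```

Recording the reason alongside the verdict makes it possible to measure how much each layer actually catches, and to spot legitimate mail lost to the subnet layer.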
This works well for me (Score:5, Informative)
I decided to use this to my advantage. You can too.
If your sendmail daemon uses the tcpwrappers library, you can create a
file with "sendmail: ALL" and a
Doing the above will cause your mail exchanger to refuse incoming mail connections from any host with an unresolvable IP address. It will cut up to 80% of your spam.
For the clueless ISPs, you can add exceptions to your
I wish more people would do this.
It's working! (Score:4, Funny)
Annoying Forwards (Score:3, Informative)
A month later, I got forwarded one of those "send this to x people and Bill Gates will send you $3,014 for each 3rd person... no really, it's true, just the other day I received my $10 million dollar check from
I replied and told her never to do that again or she will be blocked and I'll never email her. I explained to her why she shouldn't do that. It's because someone somewhere along the line will get the 30 times forwarded message and will glean the 100's of emails that are a part of the message body from all the forwards and put you on a list.
Now, every day I get 1 or 2 University Diplomas emails, they just don't stop sending them, Every day Janna wants to know what I was doing last night, King Kong keeps wanting me to buy some Herbal Viagra alternatives, FBI snooper detection prevention software, and a chance to win a free 3 carat diamond after I send $2,000 to sponsor some foundation... yeah... uh huh...
I'll tell you, those funnies you send and receive every day is a really good way.
The other way is to reply to a spam to be removed from a mailing list. In the same mail account, I replied to a few to be removed from the list and shortly after the volume of messages received almost doubled. Now it's a useless email account that receives over 600 emails per week. It's sad because I've only sent and received less than 10 legitimate messages from that account in the past 5 years and this is what I get in return for it.
Bottom line:
* Warn your friends and family not to send
you forwarded email. Explain to them
that most of those messages are hoaxes,
anyway. Companies don't pay you to blast
the Internet with messages.
* Second, don't reply to spams when you do
receive them or it will just confirm an
active account. I used to spoof returned
mail notices but those don't help any,
they also make it worse.
* Third, if you do receive a mass-forward,
you're already at odds.
* Each time you sign up to a new web-site, read
the privacy statement. Usually, your info
will be shared with a partner. Check that
partner's privacy, because usually that partner
will share your info with a partner and so on.
Your email address is usually not kept secret
anymore. They make too much money by selling
to people. If they are European based, then
it might be more secure because of privacy
laws.
* Opt-out of those "important updates from the
company and their partners". This will just
generate more unwanted messages than you'll
care about. I've opted-in to some in the past
that were supposed to be monthly tech news
updates on important issues. Well, one day it
became daily. They changed their policy
without notifying me.
* Most sites reserve the right to change their
privacy policies at-will and with no obligation
to notify you. They expect you to keep up
on this yourself. The best advice is to do
so. I've cancelled membership to some sites
because of this. My data is not theirs to
profit from while I profit nothing from it.
* Obvious names, such as "kitty@domain.com,
bmwlover@domain.com, studmuff@domain.com, etc"
are likely culprits. Sometimes they perform
dictionary based attacks on many domains and
it may just be your lucky number. What's
worse, is that they CC so all emails are there
and other spammers gather those emails and then
you are placed on another list.
* Anything else not mentioned. Keep in mind,
these are only spam "reduction" techniques. I
think it's very difficult and next to
impossible to not be spammed. Being aware of
certain actions that will trigger a result and
preventing those actions, will help greatly.
* If they leave a return address, sometimes you
can complain and have their account revoked.
This won't stop them, they'll open another
account and continue.
* Push for a law that allows the sponsor of the
spam to be sued for damages and inconveniences
rather than the sender. For example, I've
received over 200 university diplomas messages
which all have the same phone number, but each
message is from a different sender. If we can
sue the owner of the phone number, then that
would go a great distance because it would
make people afraid to market in that manner.
Well, hope this helps,
Leabre
Purchase Product X Or Else... (Score:3, Funny)
yOu haVE beeN GiVEN manY OppURtunItiES tO puRchASE proDuct X viA thE MILlioNS of emAilS YOu reCieVE eAch wEEk. You HAVe refuSED. We NOw HavE YoUR EmaiLS RansOM. If YOu FAil to puRChasE braND X by SundOWn FridAY usINg InterNET eXplorER 5.01 or HigHER WitH WindOWs 2000 SeCURity SETtings MimIMUm... You'LL neVeR SeE youR EmailS agAiN
Koreans - they're so darned courteous (Score:3, Interesting)
Re:Dont you just love it when spammers get your na (Score:5, Funny)
Re:hooray (Score:2)
I'd agree with you *if* most servers came with Chinese|Korean|Japanese|etc documentation.
Re:USA SPAM (Score:3, Interesting)
At one time I worked as a DBA at a small company where I also got to administer the email system. (Don't ask.)
Our customer service addresses would be bombarded with nearly 5,000 spams a day from various sources. In general, US, European, and Australian ISPs did an excellent job in shutting down spam sites. This stemmed the flow to about 2,500 spams per day.
Of these roughly 2/3 originated from Korean, Chinese or Romanian servers, whose admins never on any occasion took any action against the spammers.
So I spoke to the network people and computer systems director and decided to filter most of the subnets where the spam originated from (probably about 7,000 address ranges).
It was a decision I was reluctant to make, but it needed to be done. Our company provided services to customers in the US, Canada, Mexico and Chile. We weren't going to lose any Asian business.
Until the ISPs in these nations decide to be good net citizens, the rest of the internet community should blacklist them.
Re:we use a simple shotgun... (Score:4, Funny)
I do this and I have found it to be extremely successful.
Since I did this I haven't got a single spam email.
It also stops annoying people who have my email address from contacting me.
Re:How about access control lists? (Score:3, Insightful)
Asia? Third-world? You do realise that Taiwan, Japan and Hong Kong are Asian countries, don't you? You know, those little backwater places that make most of the cool high-tech toys in the world? Hell, chances are a lot of the stuff in your PC is Taiwanese in origin, and Japan has stuff that you won't see in Europe or the US for years.