Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Spam

Everything About Spam And More 94

Posted by CmdrTaco from the stuff-to-read dept.
konsept writes: "a quick overview of the problem of unwanted, unsolicited e-mail, a growing threat to the usefulness of the Internet. In most cases this will appear as unwanted commercial e-mail - junk e-mail advertising. In a few cases, users of the Net are unfortunate enough to receive unsolicited religious, racial or sexual messages, a somewhat more serious matter." Somewhat of an entry level piece, but a lot of great advice and coverage of the major relevant legislation on the subject.
This discussion has been archived. No new comments can be posted.

Everything About Spam and More More

Everything About Spam and More

Comments Filter:
  • I always loved that reasoning. It's sort of:

    If you leave your living room window open, that gives me the right to throw trash into your living room. I mean hey, you can just dish out the vacuum cleaner and clean it up, can't you?

  • I just sent an email to the people at Alchemy Mindworks about this page. Here it is:
    Hi, I just read your Death to Spam page (after following the link from Slashdot, if you're interested), and I have just one comment to make: you recommend replying to some spam with polite messages, or even veiled threats, however, this is just about the WORST thing you could possibly do after receiving spam! Nearly all serious spammers have software which generates custom email for each user, usually with a url in it. When you reply to that email, or visit that url, it personally identifies that your account is active, and the spammer will then most likely sell that information, along with the addresses of thousands of other active accounts that they harvest in this way. Replying to spam will only make the problem worse.
    Any comments on this comment?
  • In fact, they do. Just go to their webpage, fill out your validation email, and a URL will be sent to your email. Bookmark this URL -- you can come back to it anytime in the future, and it's just one click away. The URL takes you directly to the spamcop submission form that you can paste fresh spam in.
    ---

  • If you use full headers on your email, you should be able to pull the senders IP address from the header of the spam in question. With that you can go to http://combat.uxn.com. This site will do a Whois query on the IP and return to you the name of the ISP. You can then send a complaint directly to the spammers ISP abuse@.com

    I've already had a few accounts blasted after receiving an atrocious amount of spam from their account, and I haven't had a problem with spam for about three months now.

  • What I find the most annoying thing about the spam I receive is that most of it originates from other countries.

    I live in the UK - the majority of the spam I receive is from the US. Not only does it attempt to sell things I don't want (like all spam tries to do), it attempts to sell things like electrical or satellite equipment that won't even work. Even worse the have a marvelous 'toll free number to remove yourself from our list' that will most certainly not be toll free.

    Is this toll free number required by US law? Does is specifically say the number should be toll free within the US, or is it simply stated as having to be toll free? If it is the latter case, would that mean that all US spammers should provide toll free numbers in all of the countries they spam to?

    Steve.

  • Brightmail (Score:2)

    by Anonymous Coward
    Brightmail [brightmail.com]

    While spoofing mail at the TCP/IP layer has become trivial, catching the actual spammers is near to impossible. Brightmail has come up with one of the best solutions I've seen so far. They claim 80%+ spam filtering.

    I believe in hitting the spammers where it hurts. I got one the other day where someone was trying to sell me land in some other country and wanted me to fax my bank particulars so they could get me a 'good' deal on the land. That guy got black faxes all day long. Doesn't take long to run a fax out of toner :)

  • for each single piece of spam (unsollicted commercial email) seen by any of the recipients, 1 grain of sand will be forcefully inserted into the offending party's rectum.

    I'm all for it... cruel and unusual punishment? well YOU started..

    //rdj
  • spamcop does the same.. and then some.

    I'm quite happy with it.

    //rdj
  • I've gone all out in trying to eliminate spam over the years, and amazingly, it seems to be working!

    Don't misunderstand--spam hasn't dissappeared, and it probably never will. Too many losers think they'll make money at it, or can at least convince other people that they can. However, the business model just doesn't work, and education has been a big part of the reason for that.

    Right now I get two or three bits o' spam a week, across all of my email addresses. That's down significantly from the 15-20 per DAY that I used to get.


  • try korean spam.. at least US spam is readable.

    85% of all spam I get is US only
    5-10% is in korean/japanese/chinese (probably not)
    which I can't read, being very, very dutch.
    just to bug them I ask them for clarification. In dutch

    once in a while I get spam that could, in theory, actually do business with me. usually this is either about search-engine registration, or come to us to spam people.

    and what REALLY bugs me:

    call 1-800-bastardspammerremoveme (toll-free)

    HELLO! THAT DOESN"T FUCKING WORK FOR INTERNATIONAL PHONECALLS!

    //rdj
  • It's odd that you mention this, I just spoke with the developer of spamcop, Julian Haight, about this exact issue two days ago. I was irritated that spamcop sent so many complaint messages to our abuse account. However, after listening to Julian's reasoning, it is very understandable why spamcop does this. It's really simple. It sends a message for each complaint filed, same thing that happens when non-spamcop complaints are filed with an ISP. He pointed out that many ISPs will not respond to complaints until a certain number are filed, that some ISPs save all complaints, and that it probably wasn't good to just discard the complaints. To top it off, there is even an email address that will automatically close out spamcop issues, so a relatively simple procmail recipe will allow sysadmins to only receive one message (the first report) per spam incident. With that last item in mind, there are really no valid complaints that can be made about spamcop from a sysadmin standpoint.

    badtz-maru
  • This is the upsetting thing, to me. I am of the opinion that if you are setting up websites and trying to do business or even just be a _public_ person rather than some sort of sneaking conspirator, you should be able to have a public address. Particularly in terms of running a business, it's unjustifiable to me to be completely dependent on some other firm for the contact information you make available. That said, the reason I like hotmail is that they do kill accounts on my sayso- they seem to actively whack their spammer clients. However, if I was trying to maintain legitimate contact information that's the last thing I'd want- what if I hired some idiot who spammed? I'd fire them obviously but would my contact information be permanently screwed up, would I have to go replace God knows how much distributed media like business cards and brochures?

    I suggest doing whatever necessary (assuming you're serious enough to be using your own domains for these websites) to do whatever necessary to associate the email with the domains- knowing that you'll get very heavy spam from this, including mis-addressed domain email and dictionary attacks. I do. But I can't reasonably be expected to give up my use of normal contact information (I'm chrisj@airwindows.com if you are in Vermont and need to do some studio recording or digital/mp3 mastering- yes that's not a misnomer, I'm using a special hack of LAME that allows me to set ambience levels dynamically, not currently available from the normal sources. Yes I will share- if asked. It's easy- pass in ATH masking level as an arg)

    See, there's another reason why I might want normal contact information- some of the people working on LAME might stumble across this someday and want to know what I was doing. If I'm giving contact information that goes with my domain it will follow me if I have to change hosting. If I'm giving out some third party address it is always at risk of being rendered permanently useless. That's too high a cost- and if it's over spammers, the fault is not mine! I refuse to give up and assume there will never be at least _some_ way of dealing with spammers. Wait until Senators and Congressmen and Judges are getting so buried in spam that they cannot use their emails, wait until _they_ do the calculations and figure out that they will end up spending a year of their life just dealing with email spam by the time they die. _Then_ maybe we'll see it treated as the crime it is, akin to junk faxing.

  • >So far, Spaminator has intercepted over 200 emails since early November.

    The funny part is that since Earthlink spams their own customers (I've got several "Please get DSL now!" and a couple of "Get a digital camera free if you buy $PRODUCT from us" mails from them), Spaminator - at least at one point - filtered that out too :-)

    That said, ISPs spamming their own customers is more of a customer support issue, rather than a spam issue - Earthlink owns the mail server on which my mail resides, and if they want to load it up with their own spam and alienate me as a customer, they have a right to do so.

    Now, uu.net, on the other hand... or rather, their non-port-25-blocked reseller. Fuck uu.net with a wire brush. When Worldcom defaults on its bonds, I'm gonna be first in line to buy a uu.net RADIUS server at ten cents on the dollar, just for the pleasure of smashing it to bits with a wooden mallet.

    If you look at the stats [spamcop.net], you'll see that uu.net is the single largest source of dialup spammers on the planet, by a factor of ten.

    That's right - 90% of the dialup spam comes from one ISP.

    I don't give a damn how many rogue resellers they have - uu.net has refused to disclose the identities of these resellers since 1997.

    IMNSHO, uu.net is culpable. They are nothing more than a spam support service, and deserve to have their netblocks filtered, BGPd, and otherwise obliterated. Turn spew-spew.net into the world's biggest LAN, and the world will be a better place.

    But back to Spaminator -- the reason I don't use it is because I know how to read headers. And for every one of us who knows how to read headers and files abuse reports for every spam, several dozen dialup moles can be whacked per month.

    Filters are an OK solution for deleting spam. But I much prefer to delete the spammer.

  • >I thought the rule was, "Never answer spam. Answering only serves to validate the spammers database."

    Entirely correct.

    And the article also appears to suggest mailbombing as a form of retaliation, which is bad juju for two reasons:

    • First - it's abuse. We're the good guys, goddamnit!
    • Second - friendly fire. Are you really mailbombing the spammer, or are you mailbombing some poor sucker with his mail address forged in the From: field?
    Just read the Received: lines, find the origin of the spam, and launch LARTs to the upstream providers.
  • >Do spammers look through the whois database or something?

    Yes. Documented in news.admin.net-abuse.email and searchable through Dejanews.

    If that's not scary enough, networksolutions.com - yes, the fsckers that used to own the whois database - has been documented numerous times as spamming based on the contents of that database.

    As for mail rules - yeah, I autobounce anything with any uu.net IP address in any Received: line to abuse@uu.net. Doesn't really slow down the amount of spam I get from spewnet, but I haven't had a single false positive in four years.

  • >You complain that people have received "unsolicited religious, racial or sexual messages, a somewhat more serious matter."
    >
    > And this is more serious than commercial email ... why?

    Well-said. Spam is not about content. Never has been. Never will be.

    I don't care if you're spamming h0t t33n g1rlz or discounted airline tickets to my favorite destination (Hi, Travelocity! I still remember when you spammed me through mainsleaze spamhaus m0.net! You haven't gotten any business from me ever since, have you?). You spamma my account, I pounda you ballz flat widda wooden mallet.

  • I have been using a email forwarding service at www.pobox.com for several years now. It does a good job of cutting down on spam. It also allows me to move from ISP to ISP and still have the same email address.

    The spam blocking doesn't stop it all but it cuts it down to one or two a day. I have redirected my pobox.com email through yahoo.com and yahoo bulk filter picks out 3 or 4 a week that pobox.com lets through.

    The biggest thing that helped was moving and marking as read email that doen't have my email address in the TO: Once a week or so I can pick through the spam folder and fix up my email program's filters to take care of the email that shouldn't have gone to the spam folder.
  • I have a similar setup - each time I sign up for something that requires an e-mail address I give something along the lines of companyname@aftermath.cx (eg. amazon.com@aftermath.cx) - this means I know exactly where it came from and can blame the correct party :)
    --
    - Bob
  • Mr. Bun: Morning. Waitress: Morning. Mr. Bun: Well, what you got? Slashdot Waitress: Well, there's egg and Cowboy Neal; egg, sausage and bacon; Linux and spam; egg, Windows NT and spam; egg, Bill Gates, Linux and spam....(Vikings start singing in background). Vikings: Spam, spam, spam, spam, lovely spam, lovely spam. Mrs. Bun: Have you got anything without spam? Waitress: Well, there's spam, egg, science articles, Red Hat Linux and spam. That's not got much spam in it. Mrs. Bun: I don't want any spam! Waitress: Ech! Mrs. Bun: What do you mean ech! I don't like spam! Mr. Bun: Shh dear, don't cause a fuss. I'll have your spam. I love it. I'm having spam, spam, spam, spam, spam, spam, spam, Windows 2000, spam, spam, spam and spam.
  • unfortunatly even when you spend the time to find where the email might have come from they spend just as much time hiding the actual data or ignoring your requests for it to stop.

    In only one instance, EVER, have I been contacted back about the unsolicited email, and that was the only time it ceased.

    Just my worthless .02
  • Spamcop's nice, but they have usability issues. They should validate your email addy once, then give you a personalized @spamcop.net address to send through. I don't want to have to wait for replies, fire up lynx etc every time I report spam...

  • You mean this?

    The argument that responding to spam generators at all is likely to bring you further spam seems somewhat convincing on the surface, but is highly questionable if you consider it. It's predicated on the belief that spam generators use software which searches the towering spires of unpleasant replies they receive from their mass-mail programs, and somehow uses this information to decide who will be spammed next time. Were this to be the case, people who didn't reply would never get mailed again. Sadly, keeping silent rarely has this effect - it might thus be concluded that spam generators don't use the replies to their spam as signs of life.

    Can't say that I agree with the logic. I have a bottle of elephant repellant here in my cube. There are no elephants around so it must be working.

  • Okay, I'll take this opportunity to plug my own site -- The War on Spam [gunters.org]. I try to keep up with the latest news and tools related to spam. I'll be adding the Death to Spam site after it's done being /.ed.

    --
    Ernest MacDougal Campbell III / NIC Handle: EMC3
  • I work as a sysadmin for a local isp. I deal with spam on a daily basis, from accounts that have been deleted months (or years) ago to my personal account where only a handful of people have knowledge of the address. (Apparently guessing email addresses is quite popular...) There are several reasons why I believe that spam will not go away any time soon:

    1. The problem doesn't primarily lie with users from smaller isp's, but with the megolith isp's. I deal with at least a couple dozen or so spams from uu.net addresses alone on a daily basis (that's only from the inactive accounts; we have hundreds of users that probably get a dozen spam messages every day). There are a half dozen other fairly large isp's that are just as prolific with generating spam. With the number of abuse messages that some ISP's get (especially uu.net), I can imagine that it may take up to a week or so to properly deal with some accounts.

    2. One major problem is the massive number of servers that are used as remailers due to their being misconfigured. (Whether that is an unintentional oversight or a deliberate action is anyone's guess...) Many of the servers that are used as remailers are located not in the US, so most likely they are not going to be as eager to follow laws that are set by the US.

    3. Another big problem is that people who don't know much about setting up a server (and all the security factors involved) are allowed to set up a server to run email for their business on a DSL, cable, or other high speed connection. Sometimes these servers are easily hacked, or just used as remailers as they are.

  • After having several email accounts over several years, I have not more than a few pieces of unsolicited mail on anything other than places like hotmail, or yahoo email systems. This says quite a lot about everyone who complains about spam.

    Most obviously, spam is caused more often than not by the reciever, not the sender. The sender needs some way of getting the reciever's email address. Most spammers don't resort to common exploits in email systems, because it takes too much effort, and if caught can lead to legal action being taken. First off, it's free advertising; if it's not simple, it's still worth nothing.

    I watch carefully where I place my email address, but at the same time I'm not paranoid about it. Of course I read all the privacy statements on any website to which I willingly give my email address. This isn't too much, anyone using the internet should be doing this just to know the information.

    Second, if I ever do get any spam, all it takes is a little time to look in the lovely headers, which aren't too complex to read, and possibly finding the ISP (or mail provider) for the sender, and forward them the message, along with a (polite) note asking them to take a look at this. This is usually handled quickly, without any hassle, and I recieve a note back from them saying so.

    The same applies for postal mail, as well. I watch to whom I give my address, and if I recieve anything I don't want, I'll either throw it away, which is normally easier, or I'll check the nice little box that says don't send this to me and send the card back, which usually already has postage paid (if not, what's 33 cents?). Of course, I usually don't get much unsolicited postal mail, either, so it's not a hassle...just like with email.

    I'm not surprised how many people get spam, either email or postal mail. I am surprised how whiney other people are about what is most often their own stupidity.

    Now granted, not everyone is stupid when it comes to handling their own email address, and they still recieve spam. This is understandable, but being upset about it is not. Treat it just as you would normal postal mail. Now, if you are generally extremely upset about postal mail and think legislators should waste time making laws that will probably have no effect, go ahead and do the same with email. Generally, this is not the case.

    I'm sick and tired of people whining to other people about their own problems. Being that most slashdoters are American, has America come so far from being decent human beings to being lazy bums who don't like to be offended?

  • There are two things we can do to cut down on spam. The first is to keep a register of domains which regularly spam, and filter them out. This requires a centralised effort and is open to abuse. The second is never to reply to spam, any which gets through your spam filter goes straight in the bin. If the spammers get _absolutely zero_ response every time they will eventually realise that it's a waste of time. This requires a certain degree of commitment from all of us, so I'll make a start by deleting any spam which arrives in my mailbox without even opening it. Keith.
  • I was wondering the same thing. I have to admit I have yet to receive any "religious or racial" spam. I have gotten a few sexual e-mails, but the bulk of what I wade through is commercial spam.

    I am Catholic. If I receive any spam saying "Happy Hanukkah", I will just file it with the rest of the spam. This form of spam might be annoying, but it does not attack my personal beliefs. My take is that it is a friendly jesture. Unfortunately, it is also spam.

    Spam saying "Down with all Catholics|Methodists|Protestants" would offend.

    He needs to explain his statement a little more clearly.
  • You complain that people have received "unsolicited religious, racial or sexual messages, a somewhat more serious matter."

    And this is more serious than commercial email ... why?

    Why is a message urging you to moral uprightness within a particular system of mythology (using here the academic definition of mythology, which contains no implied truth value) more offensive than one trying to get you to buy crappy credit cards? The problem is that you've placed religion in a box that says "don't touch!" Well, guess what: not all religions are created equal. There are some serious and substantial differences in religions, and it is not wrong for me to try to show you what I think to be right.

    Likewise, racial or sexual messages are a non-issue. I push delete on them just as quickly as the rest. I do, however, find it interesting that you are so warped as to lump religion in with pornography and racism (with no substantiating support.) You do, of course, realize that almost all religious people are extremely opposed to these "sexual and racial" messages you whine about?

    What offends me is not religious, racial and sexual messages: it's the kind of misguided pluralism you espouse, where freedom of speech exists so long as it doesn't happen to offend your particular sensibilities.

    --

  • I use a simple filter. If my e-mail address (or just domain) is not on the To: or CC: headers of the incoming mail, the mail goes to the 'spam' mail box. It's very efficient, nobody uses "Bcc:" to send real mail, so it's all spam in my spam mailbox. A few (the most targeted ones) get to my IN box, but it's no big deal.

    I also have an e-mail set up specially to get spam, to be up-to-date (I found out about viagra from a "buy viagra online" mail before it hit the news).

    --

  • And this is more serious than commercial email ... why?

    Well.. people go to wars over their little religious or racial problems, but they don't go to war over viagra (I get a "buy viagra online" mail every week).

    Of course, you could manipulate the sentence and say the opposite ('people go to wars over money, but not over [insert the topic of a religious mail gere]').

    --

  • sandman935 said:

    I thought the rule was, "Never answer spam. Answering only serves to validate the spammers database."

    Yes, that's a good point. Another one is where it mentions:

    in addition to 1-800 numbers, 888 and 877 numbers are also toll free, a recent innovation of the phone company as the supply of 800 numbers began to diminish. An 800, 888 or 877 number is just like a regular number, except that the owner of the number pays for all calls to it, rather than the originators of the calls. Every time you call an 800, 888 or 877 number, the owner of the number gets billed.

    Well, I'm not sure about all three numbers, but never call a "toll-free" number you don't trust. You can get an 800 number in the Caribbean Isles, that works like 900 numbers in the States.

    On a slightly unrelated note, I'm planning to start a mail server in the near future, and avoiding spam is one of my main priorities. I don't know if I'm willing to go as far as making a safe-list of trusted addresses, but I'm considering making my email account abuse@.. or webmaster@.. or something similar due to this. Any suggestions of which would be the most effective one to get past address-harvesting bots? (I plan to do a few spam honeypots on my site as well) And yes, not posting my email address around and using suffixes or identifying addresses when using an email w/ a company are also good ideas.

  • I get Pron ads all the time! Maybe I'll just write a simple filter to delete messages that excessivly words like "hot, wet, tight, young, call me, horny". I wouldn't mind it so much if the sites they were advertising were real or if they sent a nice free pict with the e-mail. :-)

    --

  • While spoofing mail at the TCP/IP layer has become trivial

    When did spoofing TCP connections become trivial? SMTP requires the TCP portion of TCP/IP, meaning it requires a return connection. To have a return connection you need to be able to talk back to the source IP address. You can trace, record and block them.

    That guy got black faxes all day long

    Sure, lower yourself to the spammer's mentality(sp?) and get yourself charged with theft of communications while you're at it.

  • Where are these guys getting the E-mail addresses from?

    If they are getting them from web pages, then maybe we could create PERL scripts to generate random E-mail addresses on strategically placed webpages. I envision a webpage with Thousands of fake e-mail addresses generated daily by a script.

    Death to the spammers!!

  • If parsing headers of spam messages and attacking the server that posted it will help. If sending a spam message means to be DOSed for the provider, they will listen more carefully. We could even design a DDOS module that would use everyone's resources to spam the spammer. If we cannot get to the guy himself we can get to somebody who let him through.
  • I have a spam filter targeting the TO: only (to hell with the CC: - that's probably spam anyhow) as well, but I also have a set of filters for the targeted emails, based on subject, and a set of filters for those things (like lists I am subscribed to) that I want to get through.

    So far it has worked rather well - I just wish I could set these filters up on the ISP side, instead of under Netscape (so that I didn't have to download the email).

    One thing I am thinking about trying to do is set up some method (a script or something) to scan through the spam box and route requests to SPAMcop periodically - on an automatic basis (I like SPAMcop, but it is a pain to do everything manually - does anyone know if something like this exists?)...

    Worldcom [worldcom.com] - Generation Duh!
  • You should NEVER reply to Spam. On the chance that the email is a valid one, replying will just get you more spam.

    I have proved this because I use disposable email addresses. Each time I sign up for a new service, or post somewhere, I use a fresh email address. I have my email system set up so it's of the form encodedaddress@mydomain.bob (I won't give the real one here). Any email that goes to mydomain.bob, no matter what address, reaches me.

    I have a little web form that lets me turn on the current set of active addresses.

    BTW: I have received spam from otherwise reputable companies even after I checked the "Don't send me any messages" button when I signed up for their service! I can tell where it came from because I can look up where I used that particular disposable email address.

  • Can't say that I agree with the logic. I have a bottle of elephant repellant here in my cube. There are no elephants around so it must be working.

    No, you're right, it's bullshit.

    You can try it for yourself, create a throwaway account (make sure it's hard-to-guess so that you won't have dictionary attacks) and reply to a "remove list". I can tell you, spammers won't care if you weren't on the list, they'll make sure you get spam. I tried this once, and got about 15 spams within a week.

    This article is simply not very well written, I don't think it is a Lumber Cartel [tinlc] Agent behind it.

    I'll just repeat: Never respond to any e-mail addresses you find in spam!. Either, it's someone you certainly don't want to give any details to, or it might well be an innocent third party, who you can bet is pretty deep into trouble allready. It has happened to me a few times. I even had to close a mailing list with a community that had taken my a few years to build.

  • Until you got to the covering of legislation I was wondering how the heck this made it here. Nice bit on that...

    Kierthos
  • ..my Intray seems to have received much more spam ever since I was daft enough to put my email address on a couple of websites I set up. Next time I'll remember to use hotmail addresses or similar. Anyone got any better suggestions ?
  • *shrug* On my ongoing attempt to actually make a web-page, I used the e-mail that came with it. And then I never read it.

    You might also try a re-direct to yahoo mail, and never read that. BTW, yahoo does have some kind of bulk mail filter, so that does help.

    Kierthos

  • Spam is a free market ideal (Score:1)

    by Anonymous Coward

    Why is it that the hordes of slashdot libertarians who rave at the mouth whenever the issue of increased government intervention in their lives start crying out for it whenever they get a piece of spam in their inbox? Sorry folks, but it's just one of the prices you'll have to pay for your laissez-faire capitalist ideal, and if you whine about it then you're being hypocritical.

    After all, spam is nothing more than free advertising! And more than that, it can be used quite easily for targetted free advertising, the holy grail of the marketing business. And add things like web bugs and the like and spam becomes an invaluable tool in a free market online economy for assembling demographic information and advertising products. And the only person that has to pay for it is the recipient, which makes it a great efficiency booster.

    See, isn't spam great?

  • I hate spam. Imagine showing your Mum how to use email, and she dials up, checks the email and gets "XXX hot cum loving teens.com" messages - not good.
    This is one area of the Internet that does need a regulatory body to clamp down on these scumbags. And I believe one of the free email address websites even has a "bulk mail" option...
    I don't know how to make this work, or if it is even possible. But in the UK, you pay per minute for your internet connection (it's getting better, but slowly though), and these spammers are effectively stealing from me. But it is not in the interests of government to clamp down on it (hey, it's internet advertising, right? We gotta help those dotcom's make some money so we can claim to be "wired" as a nation) and whilst the efforts of RBL and others are welcome, I still get 25+ emails a day of crap I just delete.

    Strong data typing is for those with weak minds.

  • I've received so much spam over the past few months that I have been all but completely forced to block *everything* and only allow e-mail from trusted users... It hasn't got quite to that point yet but it's getting close. Friends and family send stupid little cute e-cards to me via e-mail and the place that they send it from feel obligated to spam the shit out of me from that day forth.

  • A practical approach (Score:4)

    by tolan's my name ( 234431 ) on Friday December 22, 2000 @01:31AM (#1408893) Journal
    Clearly /. readers tend to be fairly savvy about spam protecting their email etc. An additional way to prevent SPAM is to directly get the spam accounts closed. The basic way is by extracting from the email header and a few pings/fingers which computer the SPAM actually came from and then getting its owner to shut down the spam account [there is a full acount of how to do this on Happy Hacker [happyhacker.net]]{grrrh its down at the mo though ;o( }.

    It tends to take about 10 mins per account, and can feel hopeless, but remember that there are more spam victims than perpurtrators, and if everybody on /. did this then......

    Anyway it beats simply moaning about the phenomenom.
  • Because we don't want the spam. It's one thing entirely for the guv'mint to use something like Carnivore to invade our privacy. We, the 1st Slashdot Legion, fight against that because we have a right to privacy (at least in the U.S.). It is entirely another thing to receive unwanted e-mails, consistently.

    If I don't like a commercial on TV, I change the channel. If I get junk mail via snail mail, it goes into the nearest garbage can (except for the pizza coupons). But for those who are using ISPs who have to pay per minute or hour (anything but unlimited usage, really), spam can be an annoyance. Especially when you have to take time to verify that it is spam and not something else, as not all spam is easy to detect as the stones of crap that it is.

    Furthermore, a lot of the spam I personally get is from sites that I have never been to, but which have banner on sites I visit (luckily, I haven't gotten any spam from /.). I did not visit their sites, I do not want help with my mortgage (I live in an apartment for God's sake), I don't need aluminum siding (same reason), and I don't want to consistently hear about savings at Amazon.com.

    Combine that with all the unsolicited porn spam that damn near everyone online gets, and it gets damn annoying.

    That's why we fight against spam. And thanks to legislation, we can tell the spammers to stop. If they don't, we can sue them. Besides, I don't like paying for something that I didn't want to receive in the first place. If I liked that kind of crap, I'd have stayed in that tape club.

    Kierthos
  • Absolutely correct and this should be moderated up as a warning (especialyl if this article is meant to be a newbie starter). Answering spam validates your address automatically and will never ever get you removed from their database. You'll end up getting more spam than before. This also applies to "Remove me" buttons, "Reply to deletelist@sexfun.com" URLS and etc devices that spammers use to confirm your email address is real and active. Validated emails are a valuable commodity. This piece of advise in the text is very bad advise.
  • If you have Windows 95, 98, ME, NT or 2000, there's a very useful gadget included with your operating system software called TraceRoute.

    This shows the level of the writer.. and the introduction says that he is modest, and doens't want to tell us about the list of books he has written. Anyway, not really what we expect from /.

    -Not a flamebiat.. I'm sure about it.

  • Another howto, slightly more technical (Score:3)

    by Silas ( 35023 ) on Friday December 22, 2000 @03:07AM (#1408897) Homepage
    If you're interested in another comprehensive howto document that's slightly more technical and includes more info for sysadmins and organizational policy makers, check out this qmail anti-spam howto [summersault.com] .

    Note that a lot of the instructions given in the "death to spam" document can be consolidated and handed off to services like spamcop [spamcop.net], which will do all the tracking down stuff for you and just tell you which address to send abuse complaints to. Very handy.

  • Well, spammers get a lot of addresses in their database that aren't real. Knowing which ones are real and which ones aren't can be a useful thing.

    Question: do they ever remove addresses? Why do I ask? What if you sent back one of those e-mails you get bounced back at you when an e-mail account you mailed doesn't exist? Would their software remove you, beacuse you (in it's mind) don't exist? Just a thought...

  • Most ISPs need to put more meat behind their AUPs. Sure, you can get your (throwaway) account terminated. Ooooh, scary...

    What if ISPs would put a clause in the contract saying (in legal verbiage),

    If you spam, we will disable your account, and charge you our $2000/month spamming violation fee until such time as you terminate the account. Furthermore, if you fail to pay the fee, we will turn the matter over to our collection agency, Guido, "No-Neck", and Psycho Louie the Knife

    As I've said before, "Follow the money"
  • There is really no reason for this to be on the main page of slashdot. The site is poorly written and contains much outdated and incorrect info. There are plenty of better anti-spam resources on the web.

    This site advocates threatening spammers (telling them that you sent them a tarantula? excuse me?), and replying to spam, both of which should never be done. It also says you should threaten to mailbomb them. The information is outdated - this site talks about Cyber Promotions, which is long-dead. It also mentions some of the failed US spam bills as current legislation.

    Finally, the site is against spam laws. While everyone is entitled to their own opinions, a vast majority of legitimate anti-spammers believe legislation is the answer, just like legislation is the answer to junk faxes and telephone harassment.

    This really doesn't belong on slashdot. Can we have some sort of editorial discretion here, please?

    --

  • I've been online since 1994, my very first email address is still active. I get some spam on all of my accounts but never so much that it gets annoying.

    My impression is that trying to get rid of spam actually requires more energy than accepting the occasional viagra advertisement in your inbox. Somehow the people complaining about spam invariably are techie types. Normal users don't seem to care much.

    However here's some free advice:
    - get a yahoo/hotmail/whatever address and use it whenever you are required to leave your email address.
    - when leaving your real address on a public site add a .nospamplease extension to it.
    - use filters to get rid of annoying content

    These are the only anti spam measures I take and they seem to work fine for me. It doesn't stop everything, but the remaining spam is nothing but a minor annoyance.
  • The toll free numbers never work anyway. Think about it, would anyone be foolish enough to spam a few hundred thousand people and then not expect to get a rash of calls from the thousands who are so rightly pished off about spam? Not bloody likely.

    I'm getting a lot of spam from taiwan these days and there's not much one can do about it, short of a procmail filter to block everything from .tw. It seems to me though that international treaties could be established to go after countries that do not effectively deal with the problem -- assuming that the S7 countries could be convinced that it is a problem that should be dealt with -- then black-holing the entire .tw domain might be an effective way to get those behind .tw playing nice.

    <disclaimer>
    don't take this as a general indictment of the taiwanese, because that would be stoopid
    </disclaimer>

    Something like this has to be done though because it's pretty obvious that it's not going to happen voluntarily.

    Boycott Coke!
    Report a Spammer Today!

  • I was going to post roughly the same thing about having a garbage hotmail account. But since you've said that, I'll elaborate on it a little bit -- make your hotmail something with no meaning (like kh4h9s3an for example) so you won't be hit by the "dictionary" spammers, who just make lists based on dictionary words, maybe with a two digit number appended to it.

    Second point (unrelated to the first), has anybody else noticed the extreme crap-ability of the site mentioned in the article? Not only is the design bad, but the load time is ridiculous! Has anybody else experienced this? It may just be because we're all hitting his site now, and he's not used to getting so much traffic. All I know is I've been waiting for a "next page" link to appear at the bottom since before I started writing this post, and the page is still trying to finish loading.

  • Another problem I've found with Spamcop (which I use a lot) is that they're famous with sysadmins, and I expect that as a consequence of their automated messages being quite easy to recognise, and the huge amount of messages generated for anyone with a large web presence, the providers are getting a bit pissed off with Spamcop.

    I know they ought to be more sensible and prevent the use of their services by spammers, but the problem is that there's a growing number of ISPs who generate the Spamcop message "xxx@yyy.zzz.com refuses to accept Spamcop reports" during parsing.

  • Why bother going to so much effort to deal with spam. Bookmark your page at spamcop.net, and let them do the work for you. And never, never, reply directly.
  • Hotmail has "bulk mail" option, but limit for 250 spammers Ozgur
  • I must have sent several dozen messages since I first heard about it, and they average about two notification addresses each, and I've only noticed one mention that "so-and-so does not wish to receive spamcop messages".

    I think it was thoughtful of Julian to provide that kind of support for his "customers" on both ends of the deal. Overall, Spamcop leaves the impression of a very high standard of professionalism.

    I'm sure there are lots of ISPs that just put autoresponders on their abuse mailboxes, and ignore everything that comes in. We certainly can't rely on that kind in the war against spam.

    Sadly, we probably won't really get the issue solved until the volume of complaints reach the same order of magnitude as the volume of the spam. Automated services like Spamcop should help get us there sooner.

    Someday I'm going to look at Mozilla's mail client code and see what it would take to put a "spam" button on the toolbar for one-click spambusting. Maybe provide a configuration menu that would let you choose between forwarding it to spamcop (or similar services), sending it to your own script, spellchecking it and replying with a bill for your services, or simply adding keywords from the address and/or subject line to your mail filters.

    --
  • Spam that says something along the lines of "If you're under 18, delete this message. Otherwise click on this link http://xxx.xxx.xxx/tracking-number=xxx for a xxxxxxxxxxx time". I don't like receiving it, but I will just spamcop it and delete it. I'd be really really bothered if I had children. I really really don't want them get email like this. I don't particularly want to censor my future 7-yr olds email...
  • Check out www.onename.com [onename.com] and www.xns.org [xns.org] for the solution to spam. I've posted this comment many times, and most people don't seem to see it as it's usually on a topic not visible from the main slashdot page (nice design there, Slashdot).

    I've also had it rejected as a Slashdot topic. I guess only articles COMPLAINING about spam, as opposed to SOLVING IT get posted.

    I'm no longer really in the mood to write up a complete explanation of how it's going to work, but trust me (I used to work for the company), the end of spam is nigh.
  • It was only a few days after I changed my email address here on Slashdot before I started getting hit with Spam. Thanks to Sneakemail.com, I know where they get my address from.
  • I try to filter out most of the spam through filtering, but the most annoying spam I have to get is that stupid person who keeps sending me advertisements for UNIVERSITY DIPLOMAS.
  • www.spamgourmet.com"> [spamgourmet.com] check out this service if you'd like to keep signing up for spammy stuff but don't want the spam -- too bad there's no help for existing address proliferation
  • A spammer can send an HTML e-mail with a &ltIMG SRC="http://342349234/cgi-bin/logo.pl?email=you@yo urisp.com"> in it and then they have the script log who read the e-mail. That's why I usually use pine for e-mail.
  • Actually they can be worse.
    A few months ago a was getting slammed with religious messages. They were down right foul. I won't bother repeating them but they went after just about everyone (Pagans, Jews, Catholics, etc). It took be weeks to track down all the networks it was comming out of and get the accounts wacked.

  • Yahoo has a bulk email filter. Earthlink also offers a filter called "Spaminator". I just checked it. So far, Spaminator has intercepted over 200 emails since early November.

    It seems to me that Earthlink intercepts more email than Yahoo. YMMV.

  • Thank you for this excellent example of spam.

    Kierthos

  • Reply? (Score:3)

    by sandman935 ( 228586 ) on Friday December 22, 2000 @01:42AM (#1408917) Homepage

    The article says:

    When you receive unsolicited commercial e-mail, reply to it with a message which states unequivocally that you're not amused.

    I thought the rule was, "Never answer spam. Answering only serves to validate the spammers database."

  • Slashdot feature request (Score:5)

    by Howie ( 4244 ) <howie@NosPAM.thingy.com> on Friday December 22, 2000 @01:43AM (#1408918) Homepage Journal
    Rob/VA/Whoever: Can't you have some sort of macro set up so that when you post the weekly Spam/Napster/Microsoft story, it automatically posts all the standard replies?

    It would save everybody discussing whether my house is like your mailserver, or your gun rack, and whether musicians make money again and again. I expect with the geek-minutes saved in not posting the same long rants over and over, it would be possible to have another really really good X IRC client (with skins, perhaps), or another clock [ae]pplet.

  • Good anti-spam resources (Score:5)

    by beebware ( 149208 ) on Friday December 22, 2000 @01:46AM (#1408919) Homepage
    If you hate spam, try visiting spam.abuse.net [abuse.net] for help/advice, the alt.spam FAQ [netmeg.net] for advice on filtering/tracing spam - and many more resources [beebware.com].

    I've also got a collection of reviews about spam filters [beebware.com], Procmail filtering advice [beebware.com], and Windows anti-spam software [beebware.com].


    Richy C.
  • love the IRC and applets comments, and I was just about to go of and code O's and X's for my Dock to.....
  • Ouch.

    If the companies/organisations pay for the email shot actually realised that their money is being spent sending stuff to people who are not merely uninterested, but actually unable to take advantage of (or in this case, unable to understand) the 'offer', perhaps they might think again about using such a scheme - it's pretty obvious that people on the email shot who live in a country that:

    • generally does not speak the same language as that contained in the email
    • are unable to take 'advantage' of the 'offer' because of location or eletrical differences (ie 'get your satellite decoder for $99')
    • is excluded from the 'offer' (ie offer only valid in US)
    are wasting valuable money.

    The only problem is determining where someone lives when the email address is obtained through underhanded automatic trawling of web pages.

    Just a note here - does (and should) /. have any traps for email trawlers?

    Steve.

  • Hey, guess what. I don't like Linux. I don't like to read about it, I don't like to see it on people's computers, I don't like to see Linux software for sale at Best Buy.

    What I believe I will do, inspired by your post, is to contact my congressman and my local news outlet and suggest to them that software like Linux is the root of all hacking and IP theft. Since it is freely distributed there is no way to track who it is at the other end of the wire when your server is being attacked. Thus, is we write a few laws making it illegal to own a copy of Linux we can have legitimate companies (like Microsoft) distribute operating systems and require that all users register with their personal information. We'll all be safer and the price of goods and services will go down because Ip theft will no longer exist.

    Anyway, you have inspired me to stop looking for solutions to my own problems and to instead turn to my government. Obviously, they can be trusted to determine who is right and who is wrong, who is peddling a legitimate operating system and who is really trying to assist criminals. I'm sure they will do this in an efficient manner that is equitable to everyone involved. I'm also sure that it won't cost me a cent (unless you count the taxes that come out of my check, but I never see that money in the first place)

    Anyway, thank dude, you helped me see the light. Government control is the answer to all of my problems, not personal responsibility. I have a new found respect for you.

  • Before I post some spam-related links, allow me to explain why spam is bad, since I'm sure noone who reads Slashdot knows: The true cost of spam is that

    Oh wait, I already have 50 karma, nevermind.

    sig:

  • I'm fed up with posts on every story about spam, napster, or some other sort of internet freedom, accusing the stereotypical "slashdot libertarian" of hypocrisy. "You're pro-napster, pro-deCSS, pro-GPL, but you're anti-spam and you actually want to protect the copyright on works you create? What a hypocrite!"

    I know I'm replying to a troll, but plenty of people are serious when they write this kind of stuff.

    1. You can't make a generalization of the /. audience. We're all individuals, and we don't all share the same views on every issue.

    2. The Napster, DeCSS, spam, and GPL issues are only similar on a superficial level. Boiling my beliefs down to "information wants to be free" is a great oversimplification of the issues. Napster != spam. The fact that I believe Napster will ultimately result in a better variety of music for the consumer, as well as the demise of the record industry, doesn't force me to support spam! Spam is an invasion of my privacy, and an abuse of the public network, simple as that.

    Don't label me a hypocrite because my opinions should either totally agree with "information wants to be free," or not agree with it at all.

    --

  • Hotmail has several anti-spam measures in place now. I've gone from 75-100 spam a week to about 5 a week.

    But what Hotmail has that I haven't seen before is an option to only accept messages if the sender's address is in your address book.

    Turn this on and no spam. If you are expecting an email from an address not in your book, just switch your settings for a few days.
  • I've been on the net since about 1993, and never really receieved spam more than a few times a year -- even nowadays. That is, until a couple weeks ago; I registered a domain for the first time, and the minute my name and E-Mail were in the whois databse I was getting about three spams a day. Do spammers look through the whois database or something?

    I sent comlpaints to the person's ISP, they've gone away and I haven't received anymore for a while.

    For a while though I considered just settings up a mail rule that forwarded then delete any mail from msn.com to abuse@msn.com -- since that's where most of it was originating from.

  • If you join, and pay for the service (which I do), then you'll get your own spamcop.net email address. At that point, you can either have your current mail forward through your spamcop account, or have spamcop POP your mail for you. It can POP multiple accounts.

    It's also usage based, which means you pay for the amount you use it (by byte). Unfortunately, I received a number of very large attachments recently, and it ate heavily into my "fuel".


    ---- Sigs are bad for your health ----


  • Just a thought: How are "unsolicited religious, racial or sexual messages, a somewhat more serious matter" than junk advertising? Fundamentally, what makes this kind of junk communication any "worse" than that kind of junk communication? Oh, that's right... things like religious, racial and sexual messages attack a person's beliefs, but advertisements don't do that, right? Junk email is just a product of an over-zealous businessman, right? (Yaaay capitalism)

    Think about it.
  • I did an empiric test a while back. I created an email account, submitted it to a couple of sites that wanted my email for some reason (only use)... watched the spam come in for a month... then replied to spammer remove lists, the amount of spam tripled the next month. Now there are some other explaination to this test result for instance there could be a delay spam effect that means my amount of spam would have increased anyway, etc, etc, I didn't bother to carry out a full and conclusive study but my advise would be NEVER REPLY. Does the author really think that spammers read their email and will agree to do as requested because of your response, because they're basically good and reasonable human beings... I won't even go into the bit about the fax law being applied to spam, I believe there was a court ruling a while back ago that said the opposite...
  • I'd still have to launch a browser every time I get spam. That's not efficient enough for me...
  • Oh well, TANSTAAFL I guess. :-(. I'll just have to write/find/combine a decent spam replier script then..
  • See www.stopspam.org for some advice considerably better than this. As usual, slashdot digs up a poor quality site.
    1. 1800 numbers are not always toll free. You could end up making an expensive call. If you want to abuse the 1800 number, do it from a public phone to make sure they're paying and to prevent them from tracing you.
    2. Don't reply directly to spammers. What, you think they actually read their mail ? Most of them use disposable addresses. Certainly, the return address will not be one from which they read email. DO complain to the idiots ISP. See stopspam.org for more ideas (for example, if they claim to have made money with the scheme, report it to the IRS!)
    3. Never respond with a threat. (btw, if you mailbomb to the wrong address, you'll really get burnt)
    having said all this, I think spammers should be fined on a per-message basis, or on the basis of the number of complaints against them.
  • "...never call a "toll-free" number you don't trust. You can get an 800 number in the Caribbean Isles, that works like 900 numbers in the States. "

    Hmmm... you could try calling them from a pay phone, that might provide some protection for that sort of scam.
  • In addition, a 1-800 number call from a pay phone gets the 1-800 vendor more than the normal 0.05-0.15 per min charges, but also a $0.35 set up charge.
  • Fair enough - if you're a sysadmin or on the receiving end of an abuse account, and you were convinced, I'm willing to be convinced also!
  • After all, spam is nothing more than free advertising! And more than that, it can be used quite easily for targetted free advertising Yea uhhuh Then the free advertizing needs to be placed on a national web site, where who ever wants to solicite the advertizing CAN. Finding this national site, if the site is listed with search then who wants the adds can search for adds. Time is $. There are many people who value their time. the people that are selling our addresses to faten their pockets are nothing more than theft of private time, think about it :)

  • Use a formmail feedback form instead of a mailto: link (it'll be appreciated by people who haven't intergrated their mail client with their browser), and if you want to have you email address on display - mangle it.

    Try replacing the @ with a small image, with the character code 64 (which is the code for @), splitting it into a three column table (ie [me][@][domain.tld]).


    Richy C.

  • Re:A practical approach (Score:3)

    by Black Parrot ( 19622 ) on Friday December 22, 2000 @01:50AM (#1408938)
    > An additional way to prevent SPAM is to directly get the spam accounts closed. The basic way is by extracting from the email header and a few pings/fingers which computer the SPAM actually came... It tends to take about 10 mins per account...

    I would like to put in a plug for a free automated service that someone mentioned here a couple of weeks ago. Just forward the message to spamcop@spamcop.net, wait for the automated reply, visit the Web link mentioned in the reply, and click the "send" button. They do all the parsing and lookup for you.

    I have found it fairly effective. In particular, Spamcop got me removed from an annoying commercial list which I had fruitlessly sent in multiple complaints about all through the past year. Now you can bust a spammer almost as easily as he can send out his spam, and since it's so convenient you can often get it done within seconds of receiving the message, instead of letting the tedious parsing stack up for a week while the trail grows cold.

    [On the other hand, I've been getting a lot of .tw spam that has not subsided since I started using Spamcop. I rather suspect that the "abuse" handlers at some ISPs are actively involved in the spamming.]

    For more information, visit spamcop.net [spamcop.net], and read the instructions carefully. Notice that you have the option of "joining", but you can use the e-mail based service for free.

    I am not associated with Spamcop; just a happy user.

    Ah, there's some now! I hope the spamcop server isn't /.ed when I send in my fresh spam. And I would like to thank them for the service they are providing the public.

    --
  • Instead of using a free Hotmail account, try out Sneakemail [sneakemail.com]!

    It's a cool and simple way to create disposable email-addresses and avoid spam.

    Whenever you need to give away a working email-address, you just create a new sneakemail-address, which you use instead. All mail from these sneakemail addresses will be sent to your real email-address, but if you recieve spam on one of the sneakemail addresses - you'll know *where* the spammer got your address from!
    Example: You give out an email-address to Amazon.com (and *only* to Amazon.com - you should only give out each sneakemail-address once!) and a few weeks later you recieve spam on that address. Because Amazon.com was the only peolpe aware of that email-address, you can be certain that it was them which either sent you spam, or has given your addres out to others!

    If this doesn't make any sense to you, go read the tutorial on the sneakemail site - they are much better written.

    Greetings Joergen

  • True - never ever respond to a spammer, you just validate your address. However, respond to abuse@[spammers isp] and you'll hopefully just the spammer cut off.

    Not sure who the ISP is? Try the resources on spam.abuse.net [abuse.net] and here [beebware.com].


    Richy C.

  • WTF?, I read this months ago, its not news, its just a page on a web site, it could have been there for years. Maybe /. can direct us to some more musty, aged web pages like a flock of nerd sheep. Must be a very slow news day. Did andover.net impose some sort of quota?
  • I am fed up with the amount of crap I get through my pobox account. For 3 months I have sent the spam back to abuse@pobox and never seen any action. Anyone see any reason why I shouldn't start sending 100 reports back to them per mail so that they get the message?

Slashdot Top Deals

A complex system that works is invariably found to have evolved from a simple system that works.

Close