Christmas Spam Level Skyrocketing 286
dbolger writes: "ZDNet has this brief, but interesting article about how the amount of spam we recieve in our inboxes has increased 650% since this time last year. Nice to know that that anti-spam legislation passed a while back is having an effect (not)." For PINE users, just remember the magic spell: "m s r f a."
right.... (Score:3, Redundant)
The growth in the number of people connecting to the net should be much higher....
Re:right.... (Score:2, Interesting)
The cheaper PC parts get, the more new users.
The more new net users (AOLers?), the more spam.
I recall reading something on news.admin.net-abuse.email a while ago about a company that provided webhosting to businesses, and something like 95% of their new customers spammed. I'd imagine that rate could be applied to new members of online services a la AOL, Prodigy, et al, and probably half that rate for new net users connecting via actual ISPs.
Re:right.... (Score:2, Insightful)
I seriously doubt the internet has 6.5 times the number of users it had a year ago. In fact, the UCLA report mentioned on Slashdot yesterday [slashdot.org] shows that internet usage by Americans grew by 66.9%.
Assuming the rest of the world's internet growth mirrors that of the U.S. (which I assure you it hasn't), the amount of spam being sent is growing 10x faster than the number of new users coming online.
Re:the rest of the world... (Score:5, Interesting)
Despite more than 2/3 of the Internet-users beeing non-us-citizens, 90% of all spam originates in the US. This is most likely due to permissive legislature in the US. In Italy for example collecting (e-mail)addresses and other personal data is illegal, unless you have written permission from the user, or you have a business realationship (italian law #675/96, aka privacy law).
IMHO, stopping the increasing number of spam-mails is only possible with legislature forcing opt-in methods for advertisers and huge fines for those who don't conform.
Ciao,
ms
Re:the rest of the world... (Score:2)
Re:the rest of the world... (Score:2)
You've answered your own question. The number of people competent to hand-roll a procmailrc, let alone install all the other needed anti-spam tools, is a tiny fraction of the total number of email users. And maintaining all of that anti-spam infrastructure to keep up with the latest spammer tricks.
This is a classic arms race, and it's one that the spammers will likely keep winning. Why? Because they care a lot more. A bunch of spam is a time-wasting minor annoyance to you, but their livelihood to them.
Legislation that allows recepients to sue spammers is perfectly enforceable. And even if the legislation only provided criminal penalties, it would still be valuable. For example, the folks from Paetec could have quickly booted the spammers of their network, rather then getting caught up in a multi-year legal battle [paetec.net].
Permissive legislature? (Score:2)
Its just really difficult to enforce.
And you saying we're too permissive? What, do you kill spammers in Italy?
Re:the rest of the world... (Score:2, Funny)
And the phone numbers you should call, or the PO-Boxes you should send the money to, or the incredibbly trustworthy companies you should invest in are located in _______ (insert correct answer here).
Yahoo Spam filters (Score:5, Informative)
LS
Re:Yahoo Spam filters (Score:4, Informative)
I'm now using those, finding spams semi- heuristically and reporting SHA1 hashes to razor servers, with much happiness.
Re:Yahoo Spam filters (Score:2)
Re:Yahoo Spam filters (Score:3, Funny)
-Legion
despammed (Score:2, Interesting)
no r... (Score:2, Informative)
Re: no r... (Score:2, Funny)
No r? Since this is a Christmas thread, your subject should have been No l.
Both sites and advertisers are desperate (Score:5, Interesting)
When will this madness stop? Users may flee sites that harass them too strongly. Then again, the general level of advertising in our environment has been slowly but steadily increasing for decades. I doubt this trend will stop anytime soon.
Re:Both sites and advertisers are desperate (Score:2)
no big deal (Score:2)
>obnoxious ads at us as we try to look at the stars.
*shrug*
just don't learn morse code, and you'll be fine . . .
;)
hawk
Re:Both sites and advertisers are desperate (Score:2)
Just wait till the day we have satellites in the sky blinking obnoxious ads at us as we try to look at the stars.
Remember the Heinlein story, I think it was "The Man Who Sold the Moon", where the guy got funding for a moon mission by working with soft drink companies about putting great big product logos on the surface of the moon.
shudder...
Want to incur a LARGE cost on spammers? (Score:4, Interesting)
Re:Want to incur a LARGE cost on spammers? (Score:3, Interesting)
<?php
error_reporting(E_ALL);
set_time_limit(0);
$agents = array("Mozilla/4.75 [en] (X11; U; Linux 2.2.16 i686)",
"Mozilla/4.74 [en] (X11; U; Linux 2.2.10 i686)",
"Mozilla/4.72 [en] (X11; U; Linux 2.2.12 i686)",
"Mozilla/4.73 [en] (X11; U; Linux 2.2.14 i686)",
"Mozilla/4.77 [en] (X11; U; Linux 2.4.3 i686)",
"Mozilla/5.0 (X11; U; Linux 2.2.16 i686; en-US; 0.7) Gecko/20010105",
"Mozilla/5.0 (X11; U; Linux 2.2.14 i686; en-US; 0.7) Gecko/20010105",
"Mozilla/5.0 (X11; U; Linux 2.4.3 i686; en-US; 0.6) Gecko/20001206",
"Mozilla/4.51 [en] (WinNT; U)",
"Mozilla/4.72 [en] (WinNT; U)",
"Mozilla/4.74 [en] (WinNT; U)",
"Mozilla/4.08 [en] (WinNT; U)",
"Mozilla/5.0 (Windows; U; Win95; en-US; rv:0.8.1+) Gecko/20010426");
srand((double)microtime() * 1000000);
shuffle($agents);
$agentCount = sizeof($agents) - 1;
function HTTPGet($url)
{
global $agents, $agentCount;
if(!($fp = fsockopen("www.overture.com", 80))) return FALSE;
fwrite($fp, "GET $url HTTP/1.0\r\nHost: www.overture.com\r\nUser-Agent: " . $agents[mt_rand(0, $agentCount)] . "\r\n\r\n");
$html = fread($fp, 100000);
fclose($fp);
return $html;
}
mt_srand((double)microtime() * 1000000);
preg_match_all("/<a href=(.*xargs.* ?)>/U", HTTPGet("/d/search/?Keywords=bulk+email"), $urls);
preg_match_all("/<a href=(.*xargs.* ?)>/U", HTTPGet("/d/search/?Keywords=bulk+mail"), $urls2);
$urls = array_merge($urls[1], $urls2[1]);
shuffle($urls);
$linkCount = sizeof($urls) - 1;
while(TRUE)
{
$html = HTTPGet($urls[mt_rand(0, $linkCount)]);
if(strstr($html, "HTTP/1.1 302")) echo preg_replace("/^.*Location: http:\\/\\/(.*?\\r\\n).*$/s", "\\1", $html);
}
?></A></A>
Re:Want to incur a LARGE cost on spammers? (Score:2)
Spam or junk? (Score:5, Insightful)
In the body of the article, they describe how jokes, animations, and greeting cards are clogging the system. Well, duh! Ask the USPS. They get clogged with lots of this stuff at this time of year; they're called Christmas cards.
This isn't really spam per se. It generally comes from people you know, even if you only hear from them once a year. Somehow the mailman and my mailbox cope with the onslaught every year. If your corporate infrastructure can't handle it, well what will you do if there is a legitimate boost in business traffic?
I guess these people will just crack the whip on corporate use policies again. Fat lot of good that seems to do.
All this trumpeting about %650 increased spam is an alarmist waste. (Not that I really want any more of the tons of weight-loss pills; credit fixing programs; appeals from Nigerian humanitarian organizations looking for my bank account number, promising free money for my help.)
Re:Spam or junk? (Score:2)
You get those emails from humanitarian organizations? I always get those emails from some relative of a deceased dictator or general.
Maybe these emails are more targetted than we think...
Re:Spam or junk? (Score:2)
Jebuz, tell me about it. My birthday is this week and my mother has taken it upon her self to send me about ten of these greeting cards a day. I am of course, an ungrateful little bastard and all but I just can't friggin stand this. I apreciate the thought but it is really helping to drop the signal to noise ratio in my inbox.
I must find a way to stop this without hurting her feelings or adding her to my killfile. Anybody got some DDOS bots I can borrow?
Filters: Pine and elsewher (Score:2, Interesting)
Here is a suggestion: As a Xmas gift to your fellow
Ho HO HOLD (the SPAM)!
Re:Filters: Pine and elsewher (Score:2)
Of course, you'll have to create exception rules for any mailing lists you're on, but it works really well.
Re:Filters: Pine and elsewher (Score:2)
I use this "algorithm," and in general, it's a good one. But it's getting worse. I'm getting more and more junk email that does have my address in the To: header. The spammers are starting to figure out that this is a commonly-used filter, methinks.
Speaking of SPAM (Score:2, Interesting)
At least there are programs to block spam from your mail box, you can't do that on ICQ. Seems like they generate a new ICQ for each messenge so you can't ban them all.
Re:Speaking of SPAM (Score:2, Insightful)
It works for me anyway.
Re:Speaking of SPAM (Score:2, Informative)
Under the Security and Privacy entry on the main ICQ menu, there's an option to only accept messages from people on your contact list. To be sure, also tell it not to accept e-mail express or pager messages, as they're generally abused too.
The newer ICQ 2001b gives finer grained control over this, so you can accept regular messages but ignore URLs, etc.
With the rise in ICQIS bot usage for ICQ spam, setting these is almost a must now
Funny (Score:2)
[OT]Stupid Topic Icon (Score:2)
For a topic icon for spam, can't you have a mailbox stuffed with mail?
Re:[OT]Stupid Topic Icon (Score:2, Informative)
Really? (Score:4, Interesting)
For those who care to reduce spam and other online (and offline) annoyances, see Junkbusters [junkbusters.com] web site, also home to the free (GPL) filtering proxy by the same name.
Re:Really? (Score:3, Informative)
Oh yeah.. and then there are HTML tags that 'phone home,'
Is that true? I always thought this was some sort of urban legend. I find it somewhat hard to believe.
Sure, it's quite easy to do. Most images that load in HTML email are coming from a remote server. All you have to do is make the image come from a CGI, and tack the person's email address onto the image URL. The downside to this is that you have to send a custom email for each recipient, but half the time you do that anyway. It's a great way to see if the email is actually opened.
Re:Really? (Score:2)
Nope, it's quite true and quite easy with many popular mail clients that allow loading of external references from the net. Ever get an e-mail that caused the download of anything (pictures, website, etc.) after it was viewed? If so, your mail client is suseptible. All a spammer has to do is include some sort of ID number generated at the time of sending in the external HTML reference and as soon as his server gets the request, he knows that your address is valid. Then your name gets added to the gold list of valid e-mails and sold to some other spammer. Granted, this is not done as much in practice as it could be, but the possibility definitely exists and you should check how your mail client handles external links.
Roll your own filter (Score:3, Insightful)
Exceptions:
list of trusted sites/people.
Things specificly sent just to me.
It was amazing just what it did filter - I went from 10 spams a day to 1 a week. (mostly due to timing issue of spam pre-filter to fetchmail d/l)
It whacked almost 300+ spams from my 'public' e-mail account in one go. I also have it log the from/Subject - just in case)
Re:Roll your own filter (Score:2)
I have pretty good success with looking for nine or more continuous spaces, by the way.
Private Spam (Score:4, Funny)
And don't get me started on stupid christmas chain mails !!
Re:Private Spam (Score:2, Funny)
Ugh
Re:Private Spam (Score:2)
--jeff
MandrakeSecure (Score:3, Interesting)
A recent article [mandrakesecure.net] posted on MandrakeForum [mandrakeforum.com] talks about ways to handle SPAM using postfix and qmail. Maybe this can be useful to the larger slashdot crowd?
mailfilter (Score:2, Informative)
Then deletes them on the pop3 server before downloading the actual body.
Not news - an advert (or press release) (Score:5, Informative)
So, a company selling email filtering software say that email filtering is ever so important? What they actually said was:But their job is to build up a database of junk, so it's not really surprising - it's just saying that their database is up to date (or that their database was very out-of-date last year).
What I really hate is non-spam! (Score:2, Interesting)
"This is not Spam, I'm emailing to let you know that for only 4.99$..."
SpamAssassin works great (Score:4, Informative)
I've just tried SpamAssassin [taint.org] this WE and it works great :
...the best thing is that you don't have to perpetually update black lists of well know spammers
it is just based on content detection of spams (subject in CAPITALS; lots of exclamation marks, sp sammer X-Mailer etc.)
and it really works well
Spam will kill the internet (Score:5, Insightful)
What surprises me is how the major players who stand to benefit from universal internet use have ignored the threat of spam to the internet as a whole.
To the ordinary user receiving a daily mailbox of sexually-explicit advertising is a major turn-off. I know several ordinary people who just stopped using email because of this sort of thing, and just use their cellphones to make calls and leave voicemail instead. No telephone company would survive for a second if its voicemail customers got bombarded by the same sort of sexually-explicit advertising that internet users get by email.
Spam filtering is not a viable solution for average non-technical users. The industry needs to clean up its act or it will suffer major consequences.
If the present trends continue it would not surprise me if email actually drops out of mainstream existence and is only used by a geek subculture, being replaced by other messaging solutions that provide a safe environment.
Re:Spam will kill the internet (Score:5, Informative)
So even if they'd send you only one per year, you'd still get on average about 695 ads per day. So people, instead of JHD (Just Hit Delete), please try to find the time to figure out where the spam was sent from and where the spamvertized sites are hosted and report the spammers or they things may become very ugly...
Jonas
Filtering helps spammers (Score:5, Insightful)
I wonder if the increase in the use of filters is related to the increase in spam.
So set your filter to... (Score:3, Funny)
So set your filter to forward each spam to your congressman. B-) Say, with a nice form-letter about how this showed up in your inbox today and you'd really like the law against unsolicited faxes to be expanded to include spam, with only "opt-in" allowed.
And re-tune it periodically as the congresscritters change their email addresses.
I hate to say it but... (Score:2, Funny)
aol.com
excite.com (dead now, probably a good thing)
hotmail.com
lycos.com
mail.com
safe-mail.net
yahoo.co.uk
yahoo.com
I have a special list of people that are explicitly allowed. I expect to see more filters like this in the future, especially for domains that are known offenders.
Re:Not from AOL, though... (Score:3, Informative)
So WHY are you getting e-mails with a forged @aol.com reply-to? It's simple! Many spammers simply believe that AOLers are more trusting of familiar-looking e-mail addresses, so they want their spam to appear as if it came from another member of the service. Ironically, inter-service e-mail on AOL has NO @ address on it!
Next time you see spam from @aol.com, check the originating server in the headers, you might be surprised.
Help me! They are using our Email! (Score:2, Interesting)
I get several hundred emails per day, either automated replies that tell my, that "your message to iojrf323@yahoo.com could not be delivered" or angry users that accuse us of spamming.
I try to contact the admins of the abused systems and enter their servers into an open-relay list, but that hasn't slowed down the rate of incoming emails.
Any ideas?
Re:Help me! They are using our Email! (Score:2, Informative)
Essentially they argued that they had to spend time dealing with complaints and calculated the cost of that lost time. They didn't even argue for damage to their reputation, which I think could have lead to an even bigger penalty.
The Profit in Spam (Score:4, Interesting)
I emailed 100 verio customers in that net block to explain to them how they would be blackholed and what that meant. They took down the site.
You can set up the very software spammers use to poach email addresses from sites in the same net block.
I fight fire with extreme fire. The only spammers I go after since you can rile people up on it, porn spammers, they don't care if they are sending to a kid or an adult, most of them even have pedophile or zoophile crap. Grab a name from the isp, any name. Contact them on the phone and tell them of the spam and give them 24 hours to have the site removed. If not, you are going to call everyone with their last name in the city the isp is located and let them know they are all for helping pedophiles etc. Does your mom know you send porn to minors?
It is very effective. Use infoseek or similar service, look for business by the ISP. Call the deli downstairs, the church in the neighborhood, then let the person at the ISP know who you talked to.
I am not posting my name since spammers have put me on their lists, they post my name as a spammer in newsgroups. They suck.
I have a job where filtering mail could mean not getting a clients mail, so it is not an option.
If everyone just took one piece of spam, traced it to the source or the host. Attacked that host, with legal threats. Do not make anything up, do not lie. When you call their biggest advertiser to explain how they support pedophiles, be clear, it is because they refuse to take action against pedophiles hosted on their site. That they allow one of their customers to send unsolicted porn to minors. Be very clear. And be very clear your group is about to announce who is helping these scums, since their company is an advertiser or client of the isp, you are going to list them. Don't like it? get another isp or get the isp to stop.
Shame is a great motivator. Use it. If we do not stand up to this crap, we are going to see legislation coming in, they are going to be heavy handed, they are going to snoop. Take back your box.
Do more than report a spammer today, those days are over. Attack,threaten and shame a host today.
Spam Study (Score:2, Informative)
While I was there we did several things to try and determine what kinds of messages were entering our system.
One of the things we did was to queue all incoming messages for a short period so could have a chance to look at them.
What we determined was that over 95% of all the messages we received that were larger than 1 Meg were CRAP of some sort, and definitely NOT business related.
We also tracked the number of messages per day going through the system for several months and found that just before Thanksgiving our numbers would triple and stay that way until Valentines Day...
Hey! (Score:2)
Also play our new game: Find the bad-girl coal!!!
I dunno about 650%, but mine's way up (Score:2)
What legislation? (Score:2)
What, pratel, is the anti-spam legislation that has been passed in the US?
Spamlaws.com [spamlaws.com] still susscintly leaves the state of current federal spam legislation at 3 words: Enacted legislation: None
Re:What legislation? (Score:3, Funny)
What, pratel, is the anti-spam legislation that has been passed in the US?
what, pray tell, is "pratel"?
Santa Says To Spammer ... (Score:4, Funny)
I send you this coal in your stocking in order to have your grimace. No thanks, bye.
What if YOUR e-mail address is used to spam? (Score:4, Interesting)
At least I gor a copy of the original message, so could trace the sender's IP address and their obfuscated web site address.
I dropped a note to abuse@ISP, who seems to have removed the spammer's web site now. Otherwise I might have asked the Slashdot community to test the spammer's offer (:-)
But what to do about reputational damage? Or going onto known spammer lists?
AT&T Broadband Baby! (Score:2)
I'm enjoying it while it lasts.
Hotmail vs Yahoo (Score:2, Insightful)
The Hotmail account averages 10 to 20 pieces of Spam per day.
The Yahoo account averages 2 Spams per day.
The funny thing is I don't use the Hotmail account address for anything, I use the Yahoo account for virtually everything.
So. My theory is that Hotmail/MSN allows/encourages spammers to fill their users mailboxes with crap!
There are 2 possible reasons:
1 - Hotmail/MSN actually sells their user lists to spammers.
2 - Hotmail/MSN drives up revenues by selling larger mailboxes to people who get more Spam.
Re: (Score:3, Insightful)
I've been spam free for 3 years now. (Score:4, Informative)
I hadn't been forwarding my ISP mail to my account for awhile. I was AMAZED at the amount of crap that came into it when I decided to check it the other day! SHEESH! 60+ mails a day on that account, ALL SPAM. MOSTLY PORNO. This on an account that I have NEVER used, let alone advertised! Of course the lack of security of the ISP probably didn't help (default web pages as the user's account id, for example)!
Re:I've been spam free for 3 years now. (Score:3, Informative)
Disabling expn and vrfy on sendmail is common security practice. On my Redhat 7.0 box, they were ENABLED by default. Not good.
Damn the spam and full speed ahead! (Score:3, Informative)
The reason a lot of geeks receive SPAM is the same reason I do ... registration of a domain. A live email address on a domain registrar is excuse to have every cheap SPAM cannon leveled at you.
Also, folks seem a bit confused. THERE IS NO NATIONAL SPAM LEGISLATION. It never passed. Not at all. The reason a lot of spammers want to say they are in compliance with opt-out legislation is that it legitimizes their existance. Let's not forget that SPAM is STEALING. You pay for the junk mail that shows up.
Check it out here... [spamcon.org]
Re:Damn the spam and full speed ahead! (Score:2)
After over a month of the same spammer spamming me from prserv.net in Austin, TX, I went to look that up, and you're right.
It appears that the mysterious 's1618' (passed by the 105th senate) that spammers sometimes claim (usually falsely, I find) to be in accordance with, got through the senate 3 years ago, and promptly fell into a House of Representatives committee black hole...
It wouldn't be TOO bad as far as legislation on such matters can go. It appears that is IS 'opt-out', but at least it requires the REAL email, phone, and physical address of the spamming company AND (if different) of the person doing the actual sending of the spam, so at least you can find out who they really are if they are really in compliance...
How much do you want to bet it'll rot and die in the HoR committee, like a bug in a 'roach motel', though....
Spamcop.net seems to have worked for me.. (Score:5, Interesting)
Spamcop takes the headers and fires off Abuse messages to every domain it finds in the trace of the spam.
The results? Well, I check my email and my wife's, and we used to get roughly identicle spams .. After using SpamCop for maybe 2 weeks, my spam count dropped off the map, while her email still gets hit.
I'd say I've gone from 20 spam/day to 1 spam/day.
It's kinda spooky. Don't know why it worked for me.
Re:Spamcop.net seems to have worked for me.. (Score:3, Informative)
Having used SpamCop from both sides (I work for a national ISP), I can't recommend it enough. The admin gets all of the pertinent information in a single mail, and the user can get feedback as to whether the issue has already been solved.
Julian (the guy who runs the service) is particularly helpful, and open to suggestions.
Re:Spamcop.net seems to have worked for me.. (Score:2)
Recently, SpamCop has switched to a "heuristic filter", which is only about 50% effective. It's not a very good filter; it's passed messages from viruses through, and today I got the classic "Nigerian spam". I've been asking the SpamCop people to put the challenge/response system back. If all they can do is a 50% effective filter, I could just as well use one of the Procmail-based solutions.
Dose anyone thinks we don't need anti-spam laws? (Score:2)
I'm not talking about spam from valid companies, I'm talking about the spam with forged headers and invalid return email addresses.
I know that usually the less government involvement the better, but why not let the government put a stop to this for us?
Re: (Score:2)
Here are my ideas.... (Score:2)
You receive an email with forged headers and you send it off to some complain department. They can then do a reverse lookup on the fax number or 1800 number or the owner of a website.
Federally regulated is fine with me. It will probably speed up the process.
I'm just tired of using spamcop and sending complaints to abuse@*domain*.com and not getting any results. When you try to call the big guys up they simply tell you to email them.
Smaller companies will usually take care of the problems immediately.
Going after the spam sender is usually a useless effort anyway, going after the end product that the spam is trying to sell is not.
How can I address congress and make a proposal to end put something into affect? I've been working with my Missouri State Rep. Carl Bearden for Missouri laws, but we need laws everywhere to make it stop.
It really is costing us money. My company is forced to pay for a full T1 instead of a burstable because of the massive amounts of spam that comes through overnight.
Somethig most forget (Score:4, Informative)
I filter spam based off of numerous DNS blacklists. I also have an extensive list of spamming domains and spam supporting providers that I blacklist. Last week I rejected 95,837 pieces of mail from just one of my servers that I deemed to be spam. If people didn't report that spam to the maintainers of the DNS blacklists, I would have to rely on my own access lists to reject spam. This colaborative effort really works.
Re:Somethig most forget (Score:2)
Re:Somethi-N-g most forget (Score:2)
If the operators of the DNS blacklists would operate them properly, maybe more people would use them, and submit spam reports to them. These things include:
Some anti-spammers are on a crusade to maximize collateral damage. I am not. I won't block a whole ISP because of a spammer unless that ISP is making it difficult to isolate and focus on the spammer. If they corner the spammer operation to a specific static subnet, I'll gladly block that, and I'd want to use a DNS blacklist that is equally focused. Likewise, if they set up reverse DNS to identify their dynamic customer pool addresses in its own zone, I can block that to prevent the direct spam and some of the home open relays.
Most people hate spam and don't want it coming in. But not everyone is wanting to come out swinging at everything in sight as a result of that. Some of the anti-spammers are on the wrong crusade and not very many people will follow them.
Re:Somethi-N-g most forget (Score:2)
Have you ever tried to run more than a handful of LARTS through a web form? It's a nightmare. I have 1200 pieces of Broadwing.net spam that I need to LART tonight. I don't know how I'd LART all of them via a web form.
Patterns aren't something that the average Joe would pick up on anyhow. Few people noticed that recently more and more spam uses a spoofed From: in the form of BSUser@yourowndomain.tld. If they do want to look for patterns, they could easily view thousands of spam reports in news.admin.net-abuse.sightings. Numerous people post their spam to it.
Many DNS blacklist authors do just this. MAPS [mail-abuse.org] is a good example. You have the DUL which lists dial-up IPs only. The RSS [mail-abuse.org] which lists known && abused open relays. The RBL [mail-abuse.org] contains ISPs that are known to harbor spammers or at least be neutral to their abuse and ignore abuse complaints. The RBL+ [mail-abuse.org] is a combination of those 3. All 4 of those are their own zones. SPEWS [spews.org] lists /24's from which spam originates. Occasionally they'll even list a whole provider that harbors spammers or spamware sites, repeated lies to people that mail abuse@, or are known to bit bucket abuse complaints. relays.osirusoft.com [osirusoft.com] hosts many lists. Individual queries can be made to for any of the lists it hosts or you can transfer them all at once in a big zone file. relays.visi.com [visi.com] is the home of the RSL [visi.com]. It only lists open relays that have been abused, like the RSS and relays.osirusoft.com's base DNSbl. blackholes.2mbit.com [2mbit.com] is the home of the SBL [2mbit.com] (Summit Block List), not to be confused with the SBL [spamhaus.org] (Spamhaus Block List) which is hosted by osirusoft. The Summit Block List contains abused open relays and hosts that have been directly involved in spamming. The Spamhaus Block List contains "known spammers, spam gangs, or spam support services" and is "by the same team that maintains the ROKSO [spamhaus.org] database", a list of those spammers.
In a small way I agree. I used to feel like you do now. I was very leary about blocking an entire ISP just because of the possibility of lossing legit mail. I quickly came to realize that blocking just a small piece of that ISP that's know to spam wasn't solving the problem. They'd just move elsewhere within that ISP.
This doesn't accomplish anything in the long term and little in the short term. Sure you block some spam from a spammer for a couple of weeks but they'll quickly figure that out and move to another block. If the ISP facilitates their move then they are supporting spammers. It's an all or nothing deal. You can't have your cake and eat it too.
Personally I block entire ISPs myself, in my personal access lists that are independant of group maintainted DNS blacklists, that are known to harbor spammers and ignore complaints. A perfect example of this is Broadwing.net. I have blacklisted every IP they have registered to them. That includes 3 /14's, a /24, and a /28. That's a lot of IPs. I have never seen anything but spam come directly from them. They harbor Alan Ralsky [spamhaus.org] and many other well known spammers. They ignore spam complaints. They simply don't care. Whenever I LART their spam, I also LART their upstreams because I believe someone there will eventually notice. I know that no one at Broadwing will.
This I have to strongly disagree with. I've been involved in protecting my resources from spam for some time now and have implemented many steps to prevent as much spam from entering my system as possible. I reject just under 1400 known spamming domains. I also reject all mail from a number of providers that harbor spammers as well. I utilize all the lists hosted by Osirusoft, relays.visi.com, blackholes.2mbit.com, and I'm in the process of resubscribing to the RSS and DUL. I even do some filtering on message content which has been incredibly successful. Last week I rejected almost 96,000 pieces of spam on one of my servers. That's pretty darn good. Of the 2400 users on this particular server, I've only had complaints from 3. 3 of them couldn't receive mail from a particular person on the 'Net that wsa being filtered by me. 1 was on an osirusoft list. 1 was attempting to send mail through their mailing list that's run by cybercon.com (a known spam supporter) and mail to subscribers on our end was bouncing. The other was a customer of a customer of Broadwing's. After explaining to them that we couldn't selectively allow mail to just them from the affected host and that we'd have to allow all mail to them unfiltered, they decided to suffer from more spam than miss out on their friend's email. One has changed his mind though. The rest seem to love it. The best advice I can say to you is to keep an open mind about these lists and what they do for us. Not every list is meant for all situations. I personally don't want to use the RBL. In the beginning I was leary about SPEWS. The rest I like. Join news.admin.net-abuse.email and keep up with some of the conversations of the anti-spammers that reside there. A plethora of information and insight can be had with them (I'm there too). good luck!
Re:Somethig most forget (Score:2)
Free service to basically elminate and track spam (Score:2)
I want to develop a free site for people to login to that will basically allow them to completely eliminate, and trace the orgin of spam. Here are the program specs, what do you think?
Program Title:
SpamRouter
Program Description:
A set of scripts to route mail to the correct destination address, as well as collect statistics
on where the "spam" was sent to, which will provide a direct link to where the address was
provided allowing us to track spammers efficiently, and accurately. Also allowing the user to deactivate the address provided, eliminating spam from that source.
Author:
Nick Hoover
Systems Engineer
720 Studios
Copyright Information:
This document and all of its accompanying scripts are (c) 2001 by 720 Studios
No parts of this program may be redistributed for profit without explicit
written consent of 720 Studios. You may modify this program as you wish, however
no warantee is presented modified, or unmodified. Meaning, use at your own risk.
Detailed Description:
This will be discussed in a single user environment, in future versions however - multiuser
environments will be present to allow the program to have a realistic use in the real world.
SpamRouter will have three seperate things going on. The key attachment to all of these
scripts will be a flat file (for now, however that may be put into a mySql database eventually
if the need is ever that high) database which will contain the following information:
useremail - the destination email address, which will be in the future used for the user's login
userpass - dummy for now, eventually an encrypted password for multiuser
userid - a generated ID that will be part of the generated keys
totalkeys - total number of keys (described below) generated
This database will contain the primary information for our users. There will be a second
set of databases, which will be generated for each user. These databases will contain
the generated keys, and will have the following information per record:
key - the generated key
origin - the site and or party given the address (this is for tracking)
date - date the key was generated
totals - total number of times the key has been flagged (ie. sent an email)
Each email that is sent to a key will be copied and put into a file named after its
key then followed by its count (ie. the sixth email sent to key X240213sd would be
X240213sd.5 [0-5]) that way we can track messages as well.
Now that you have an entirely confusing description of the data we'll be storing, time to explain
how this thing works.
Here's the life of a SPAM message sent to an address covered by spam router:
User is asked to provide their email address to a website for whatever purpose.
User logs into spamrouter and generates a new key, and enters in the website's URL
and other information so he or she can remember what they gave it for.
User is given a key generated address.
User gives that address to the website, and goes about their business.
IF the website the user gave their address to is a spamming website, and tries
to spam the email address provided, spamrouter becomes a knight in shining armor.
Email is sent to key at spam router such as: x9237823sijd783@spamrouter.org, spam
router receives the email, and copies it into a file for future reference, increments
the count on that particular abusing website in its database, and sends it to the
destination address (we're not trying to block spam [unless the user turns that
key off], just trying to trace it to whom it really came from.) An email is sent to the
destination address alerting them that the email was SPAM and sent from whatever
website the user registered it with. This allows the user to have a real copy
of the email, the information as to whom it came from - so that they can contact
the company, or whomever, and rip them a new one and have absolute proof that it was
from them, furthermore, the user can then turn off that key. Basically, no one will
ever receive your REAL email address (unless you give it to them) which lets you decide
who can contact you, and who can't. The problem with most "filters" is they filter who
it's from, not who it's sent to.
Kind of complicated, and maybe not really all that useful... but I created it for myself
because I want to know WHO is using my address for spam, that way I can get these people
to stop. Furthermore, once I've finished my business with a particular site, I can turn
that key off, basically eliminating spam from that address.
Have you looked at SpamCop? (Score:2)
This site does a fair bit of what you are suggesting, including e-mail forwarding, spam tracing, generated keys, the database stuff, and more. I would like to get some of the stuff he is doing via GPL'd software (some of it is, BTW), but he does a pretty good job, and even seems to annoy the flagrant spammers a bit.
There is free spam reporting, including an anonymizer to inform the offending ISP that they are being used by spammers. They can reply to the blind e-mail forwarder, but they won't get your address directly.
If you want to build a better mousetrap, (or spam trap, as it may be), this is a good resource to use as a benchmark (or talk you out of your project... but don't let that stop you.)
PINE users (Score:2)
Both of them
Hell... (Score:3, Informative)
Fortunately, there was an easy solution. I just added Pine filters for these words in the "from" address: deal, offer, bargain, save, money, and winner. That cut it down from ~20 an hour to maybe 3 random e-mails a day that slip through. :P
Suddenly no more spam! (Score:2)
I suspect that it's only a matter of time until my new email address becomes another toilet for the spammers to piss in.
24 hours of pinging (Score:2)
What if every time you get spam from some source, especially a direct delivery from a dialup, DSL, or cable luser, you launch a background process like:
ping -c 86400 ${spammeraddress} &Of course you're only trying to see when the spammer goes away, right? But if everyone does this ... just for 24 hours after receipt of spam, what do you think will happen?
Re:24 hours of pinging (Score:2)
You'd get your account terminated by your own ISP for violating their AUP probably.
And rightly so, two wrongs never make a right, not even on the internet.
Re:msrfa? (Score:5, Informative)
Main menu
Setup
Rules
Filters
Add
But this doesn't work unless you know what to look for in spam...and none are alike
Re:msrfa? (Score:2)
And IMHO filtering in the MUA is the most low-level spam-prevention possibility. There are several fine anti-spam systems out there.
'though I myself don't use them, yet. I make a sport out of finding a rule that catches the spam that reaches my inbox and is sensible enough not to filter any other mail (just recently I got a problem, that I couldn't receive mail from any student of a specifiy university, 'cause they got [a-z]@university-domain and I filtered on [a-z]*[0-9]{3,}@.*
Re:msrfa? (Score:2)
> You do realize that this blocks out more valid email addresses than just the example [a-z]@domain you gave, correct?
well
What to look for... (Score:2, Interesting)
Also, look for "send to 10 people" and that will get most chain letters. "make $$$" will get several hundred a week. "to be removed" will get a lot, but be careful as it will also get most legit mailing lists too.
I set these filters and then waited for SPAM to get through. If one did I would look at it and try to determine if there was anything unique that wouldn't be in normal correspondence. My SPAM count is still high, but only about 1 a month gets in.
Re:What to look for... (Score:4, Informative)
There is no law that they happen to be "complying with".
The propossed bill that they keep quoting not pass even if it had it required a valid return address wich they don't happen to supply. It's just a lame attempt at keeping you from taking action.
But yea go ahead and filter anything with that block of text.
Re:msrfa? (Score:2)
In almost all cases, it is easiest to filter from the recipient's domain name. Their username and hostname is easily changed, but the domain name is somewhat less variable, in my experience. Any respectable company would simply not allow enormous volumes of bulk spam to be sent out under its auspices for very long.
Once you hit "msfrfa", edit the "From Pattern" to be the domain name of the spammer. Then, under "Filter Action" hit "delete". Hit "E"xit, then agree to changes. The whole process takes only about 10 seconds.
So my filtering list includes...
gamblehog.com
postmastergeneral.com
realspecialoffers.com
optinrealbig.com
...
and so on.
The good news is that once you include the most aggregious offenders, your spam influx goes WAY down. With less than a 100 spam sites on my list, I get less than one spam a day in an e-mail account that used to receive one to two orders of magnitude more. You're then in a position where a few seconds of daily maintenance (to add to your existing list) is enough to keep you virtually spam free. Most of the spam I reveive now originates from yahoo.com, aol.com, or msn.com e-mail accounts. I'm not willing to filter out those domains, however, as a few people I know actually have accounts there. However, you rarely get repeat e-mails from those offenders -- the company takes care of them internally, it seems.
I imagine someone out there has already done this, and has released a comprehensives Pine filter list. Does anyone know if this is the case?
Bob
Re:msrfa for OUTLOOK EXPRESS (Score:2, Interesting)
tools->message rules->mail
New...
check off 'where the to or cc line contains people'
and also check off 'delete it'
then click on the 'contains people' link, enter your e-mail address for the pop account, click add and then 'options'
select the 'does not contain' option and click ok
give the rule a name like 'kill_all' and click ok
this rule needs to be placed at the top of your message rules to work properly as the list behaves the exact opposite as a routing table. (its M$, what do you expect?)
this will delete any e-mail not specifically addressed to you (as most spam is).
you will need to create message rules for any mailing lists you may be on, but you should have already done that to properly organize them into folders.
since using this method i have not had to read one spam e-mail sent to my pop account.
:)
Re:msrfa for OUTLOOK EXPRESS (Score:2)
Re:pine (Score:5, Funny)
Re:pine (Score:2, Redundant)
(M) ain menu
(S) etup
(R) ules
(F) ilters
(A) dd
Re:pm0.net (Score:2)
People won't use it. (Score:2)
People won't use it. As you say, it is complicated, and a lot of hassle to use. Any anti-spam methods must be simple and easy to use, otherwise the "d" key becomes the attractive alternative. And we already know that's not good enough.