Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Collateral Damage in the Spam War 375

MarkedMan writes "The link points to a well researched article on Spam lists and those innocently appended to them. I have seen this myself with MailWasher. A posting will come through as potential spam, with the the bounce already red-flagged, but it is actually from a legitimate source. Only happens once or twice a month but still cause for worry. " I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there.
This discussion has been archived. No new comments can be posted.

Collateral Damage in the Spam War

Comments Filter:
  • by dada21 ( 163177 ) <adam.dada@gmail.com> on Friday July 12, 2002 @12:37PM (#3871507) Homepage Journal
    The only people I got spam from was from the e-mail address I used to register domain names with through netsol.

    I dumped that address (100 spams a day).

    What I've done is registered a domain name (say fatgeeks.com) and when I have to use my e-mail address at a website, I'll append the website to the user name, such as:




    When spam appears, I kill off that user name (very easy to do in any POP3 e-mail program) and then go to the website that sold my address and yell.

    This helps track websites that "lie" about reselling your e-mail address.

    No spam. No collateral damage.

    • This helps track websites that "lie" about reselling your e-mail address.

      Is there a page out there that details which websites sell your email addresses? It would be rather useful.

      Personally I nominate hotmail.com - unless you're telling me that ibtagmrq@hotmail.com is a popular name.

      • Slash had a story on just such a place just a few weeks ago [slashdot.org]

        It's called the Spamdemic map [cluelessmailers.org], but they had to pull the plug due to bandwidth cost issues

      • Is there a page out there that details which websites sell your email addresses? It would be rather useful.

        Personally I nominate hotmail.com - unless you're telling me that ibtagmrq@hotmail.com is a popular name.

        For the life of me, I can't understand how anyone can even *use* a service that is so hopelessly targeted as Hotmail.

        I have a hotmail account (created just before MS bought them) which I use for exactly one purpose: I give it out to assheads who demand an email address on a web registration or reply form.

        Now, this was not my intention when I opened the account; originally, I hoped to use it to *replace* my Yahoo! email account because several people recommended it as a slightly-more-functional alternative.


        After I opened the hotmail account and verified I could log in, I went away and forgot about it. When I came back a week later, my mailbox was full - there were over 200 (!) SPAMs waiting for me. This, by the way, without telling a single person about the new address or sending a single email from the account.

        The spammers beat me before I even got to the starting line with Hotmail. A lot of them come in with randomly generated recipient lists, so MS doesn't even have to sell addresses - they've got random number generators for that. In fact, this might be the ONE argument in favor of ridiculous email addresses like "superbob8337264fromtulsa@hotmail.com, because I'm sure that the longer your email address, the fewer SPAMs you get, even by only a couple.
    • For heavy Internet users, having your own domain is wonderful. I do the same thing you describe. I'm hosted at pair.com (no affiliation other than as a customer), and for about $6/month, they host my personal web pages and let me put arbitrary filters on any incoming email address. I've killed off a few that have gotten spam from web sites releasing the address. I've killed off a few that I used when posting to mailing lists that are archived on the web.

      But mostly, I've found I just don't get much spam because I protect my email address. For example, when placing my email address on my web page, I use JavaScript to encode it, so a web robot that doesn't parse the script won't see the address. I've never received spam at an address protected that way.
    • by QuantumRiff ( 120817 ) on Friday July 12, 2002 @01:29PM (#3871886)
      if you run your own linux server, just edit /etc/alias with something like:
      ebay: me
      then save, and run "newaliases"
      on the web form for ebay, then type in:
    • Check out spamgourmet.com [spamgourmet.com]. It institutionalizes that idea. Once you're registered you can create self-destructing email accounts, that accept N number of messages. The slick thing is that it creates them on the fly, the first time you send email to it, so after having visited them, you never have to go there again to actually create these accounts.
    • Depending on which MTA you're using, you can do this with address extensions too. Sendmail uses + as it's address extension, and postfix/qmail use - for address extensions. So for my email, for example, mark-foobar@hornclan.com will get delivered to the same mailbox as mark@hornclan.com. The MTA simply ingores everything after and including the extension delimiter.

      TMDA [sf.net] takes advantage of this sort of thing. So it does what you're talking about, but it also adds a cryptographic hash onto the extension to verify that you infact were the person who generated the extension. So my equivalant of what you're doing would be:


      The generation of the hash depends on a secret 140bit key that only I know. Thus I can create these things whenever I want and use them without modification to my mailsetup and be confident that no one else can generate these things that will get into my mailbox.

      Other types of addresses that tmda generates:

      • Dated addresses - addresses that will work for a certain amount of time, and then expire. Great to use when posting to USENET, and as the default for all outgoing email.
      • Sender addresses - addresses that will work if used by a particular sender. Great for subscribing to mailing lists with.

      Anyway, I'm pretty pleased with TMDA, although, as I say in another post, it can impact one's ego. [slashdot.org]

    • Whoops. You showed the wrong syntax. Did you mean dada+slashdot@fatgeeks.com instead of dada_slashdot@fatgeeks.com? The underscore is a valid character in a user name. The plus sign however is called plus notation. I use it myself. Say I sign up for a demo of ProductX, I'll use the email address of userid+productx@domain.tld. MTAs are supposed to ignore everything between the "+" and the "@". Plus notation. It works pretty slick too. I use it for magazine subscriptions and what not too.

      Something I've started using more is simple mail aliases. Since I run many MTAs, I've taken one of my own domains and create an alias for a mail recipient for when I need to sign up for something. Let's say I order some X10 stuff. I'll create a quick mail alias called "x10" and point it at my usual mail account. I'll add a comment with a date, maybe a URL, etc.. to it and rebuild my aliases.db. There are 2 upsides to this. 1 is that I can easily make that a real account someday and spamtrap all that junk if needed. It's also garunteed to be accepted on every web form I come across. Occasionally I'll come across a web form that only accept alphanumeric characters (and the @) in the email address. Some webmaster thought he was being security-wise and didn't follow the RFCs. Whoops. No biggie. This method gets you around that little problem. The only real downside is that it takes a couple extra seconds to create that alias and add some comments about it. Oh wait, there's another plus. Some mass mailers strip out the plus notation from email addresses. Giving your address to, say, Citibank or CapitolOne as joeblow+citibank@domain.tld might confuse the person or raise suspicion if you're entering your address in a spamtrap. With the email alias, you can use an acronym, gibberish, or whatever you want for your particular situation.

    • by Mike Schiraldi ( 18296 ) on Friday July 12, 2002 @02:11PM (#3872174) Homepage Journal
      This helps track websites that "lie" about reselling your e-mail address.

      Even honest companies are a problem -- i do the same trick you do, and about a year ago, i started getting porn spam to the address i used only at 1800flowers.com. They swore they didn't give it to anyone, and i believe them.

      What i'm sure happened is this: Some DBA, or some temp, or whatever, did a one-line SQL query to pull out every email address in their database, and then sold that list.

      So even if you trust the company to not sell your address, it just takes one bad employee to screw you over.

      Of course, their database also has my credit card, so the same DBA could have run off with that. So far, i haven't had any fraudulent charges. But that's what you gotta read over every single charge on your credit card bill, every single money.
  • Several of the more hardcore lists will quite gladly blacklist an entire ISP for hosting spammers. Doesn't matter if you're squeaky clean with a five year contract with the ISP, they'll just say "get a new ISP, they've broken their contract with you"... all in the interests of peer pressure.

    I haven't been hit myself by that, but I can sure empathise with the poor bastards that have.
    • The company I work with is switching our hosting away from Earthlink for that reason. We send mail from our domain but its reverse lookup is earthlink.net...Some of our clients deny mail from them as they have open mail relays. Bad for us Karl
      • When I used to work at the better half of that company a long time ago before the lame name change *cough* we spent a considerable amount of time trying to figure out who the traitor was inside selling lists of email addresses. We knew it was going on, but never caught the guy.
    • I think the "peer pressure" idea is becoming a bit of a "dinosaur" from the days of the mom-and-pop ISP. In the past, except for AOL, you didn't really have many large ISPs that kept on large numbers of spamming users.

      The small ISPs would be pretty responsive to complaints, or if they weren't - they'd feel the pain of getting blacklisted, and would usually give in and kick off their problem users.

      Nowdays, with most customers on one of a handfull of giant ISPs, it's no longer effective or realistic to ban the whole ISP. (EG. With the number of customers Earthlink has, can you really expect them to always keep *every* user with an open-relay off of their network? Even if they hired whole teams of people just to perform that one task, new people with open-relays would subscribe faster than they could discover them. Hence, Earthlink would almost always be on a blacklist.)
      • Before the earthlink "merger of equals", Mindspring had Harry. Harry absolutely rocked the abuse department. He worked together with the other admins (helped he was a Senior Admin in skill level) and they'd think up all kinds of interesting ways to "abuse" spammers. We'd catch them pretty fast if they were spamming from our network. One of my favorites was sending +++ATH0 in a formatted ping packet to their modem to disconnect them, sending thousands of spam messages back to their email client depending on what they used. Their port would be disconnected quickly. I think we had a 3 strikes and you are an ex-customer rule. Jan also rocked the news servers. I'm not sure how earthlink is handling things now post merger. I didn't hang around. :) At the time, were were number 2 in the world, and fighting spam very well. The "SPAMINATOR" product was very much loved by customers. I heard through the grapevine that it's basically a joke now, and doesn't work.
      • It's a tough call for the guys taking the hardline.

        On one hand, their main weapon is escalation. First they would ban the server, then the domain, then the hosting ISP... and then the ISP's connectivity - presumably at that stage, the ISP would have to choose between dropping the spammer or losing their connectivity.

        On the other hand, every time they escalate, there's a chance outsiders looking in will go "good god, what a bunch of lunatics" and not opt to go with that blacklist... and as is pretty obvious, the power a blacklist wields is pretty directly related to the number of mailboxes it protects.

        The discussions on the newsgroup certainly do lend themselves to LART-based amusement, though. :)
      • Honestly I don't much earthlink.net spam. In fact I can't remember the last time I got earthlink.net spam, even raping an open relay.

        However I have gotten tons of broadwing.net spam. You (and I both) wouldn't believe the number if I could compile it. They ignore LARTs. They sign on known-spammers without regard. They simply don't care. Myself and many others blacklist them because of their in-action. I don't know if collateral damage is enough anymore though. The RBL was the best place to lay down some collateral damage. I wish it was used more.

      • With the number of customers Earthlink has, can you really expect them to always keep *every* user with an open-relay off of their network? Even if they hired whole teams of people just to perform that one task, new people with open-relays would subscribe faster than they could discover them. Hence, Earthlink would almost always be on a blacklist.
        First, I checked Earthlink's main web and mail IP's (as representatives) and they seem to be on only one blacklist: blars.org.
        Second, the only thing expected of ISP's is that they read their abuse mail at least once a day and upon verifying abuse they promptly terminate the accounts in question. ISP's need abuse departments, and the more accounts the ISP has the more people it needs in its abuse department. The abuse department does not need to discover open relays or other network abuse; it merely needs to read, investigate, and act on complaints.
        Failure to maintain an effective abuse department will result in the network becoming a haven for abusers, and that will cause the ISP's netblocks to be blacklisted.
  • Isn't it ironic (Score:4, Insightful)

    by iONiUM ( 530420 ) on Friday July 12, 2002 @12:39PM (#3871529) Journal
    but I still have to ban domains like yahoo.com
    Does anybody else find it funny that this article is from yahoo.com?
  • by maynard-lag ( 235813 ) on Friday July 12, 2002 @12:40PM (#3871540)
    I've found that once I stopped checking my email, I stopped getting spam.

    Now, why haven't I heard from my girlfriend while she's been away at school.
    • Now, why haven't I heard from my girlfriend while she's been away at school.

      Since you passed up all those opportunities at penis enlargement she's been sending you, she's probably moved on to another guy.

  • by Omega ( 1602 ) on Friday July 12, 2002 @12:40PM (#3871543) Homepage
    A number of spam filters and spam blocking agents will mark a message as SPAM if it is only Bcc'd or CC'd. If you're going to Bcc -- at least make sure you have 1 To recipient else you may end up in the SPAM Folder.
    • Obviously, the simplest solution there is send it to yourself, and bcc everyone else. That way, no new data is introduced for the recipients to see.

      And SpamAssassin (v2.20) rates "TO_EMPTY" at 2.541, and "TO_NO_USER" at 1.928 - putting you less than .5 away from getting dumped by the default threshold of 5. The two may be exclusive though... but they're still pretty large hits.
  • by Binestar ( 28861 ) on Friday July 12, 2002 @12:41PM (#3871545) Homepage
    I've been using spambouncer [spambouncer.org] for quite a long time and I've found that it catches more spam than Spam Assassin does.

    As with any anti-spam measure you have to keep an eye on it when you set it up that everything is working and you aren't blocking legitimate mail. Any anti-spam software you use will either let some spam through, or catch legitimate mail. Add some procmail scripts to catch any mailing list mail you are on into thier folders, block To: Friend@Public.com and the like and you have a pretty robust system.

    I've also found that blocking messages with malformed headers helps alot on spam... For example, the following Procmail recipe blocks all messages that are HTML only without a charset, which is common on spam mailings, and has never caught a legitimate mail for me:

    * ^Content-type: text/html
    * ! html; charset=
    * ! from hotmail
    | ${FORMAIL} -A"X-Spammers: text/html only message"

    Your Milage May Vary
  • Klez virus and spam (Score:3, Interesting)

    by pubjames ( 468013 ) on Friday July 12, 2002 @12:41PM (#3871546)

    Since the Klez virus can be sent as if it was from your email address even when it has not come from your computer, is it possible that you could get put on a antiSPAM list because someone else has got the Klez virus?
    • It is possible, but *most* of the people running the spam lists such as DNSBL's have a clue as to whats what and will not put those type of issues into the blocking lists.

      BTW: That brings up another point, never never never trust a spam From: Header, you should always track it down to the system sending the spam, not rely on what the From: Header says.
  • I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there.

    I see that sending the boys round to Hemo's house for a good beating with the procmail man page worked.

    Right ... one down ... anyone know Taco's home address?

  • by dmarien ( 523922 ) <dmarien@dmarDEGASien.com minus painter> on Friday July 12, 2002 @12:45PM (#3871570) Homepage
    I once, after installing, needed to raise a concern to the author, djb. I e-mailed him, and instantly recieved an automatic response.

    The automatic reply stated that djb recieves an enourmous amount of mail, spam, and technical support inquiries. If I really wanted to e-mail him, the letter went on, I would have to reply to the automatic reply and copy in a 12 digit code which the automatic reply included.

    I did that, and then recieved a 2nd automatic reply, stating that the code I entered was correct, and that djb would recieve my mail.

    I imagine that a mail system setup in that regard would be the most potent weapon a mail server could utilize against spam!

    The mail server could keep a database of known senders who entered the code correctly, and thereafter automatically accept their 'friendly' e-mail.

    I forsee a potential abuses for this though. Annoying "spam bots" could learn to decipher the first automatic reply containing the code and then automatically send the spam, and contain the code which will allow the mail server to recieve the mail.

    I would ask that if anyone knows how to install/administer the add on to qmail which performs this to please let me know! I recieve a tonne of spam, and becuase I get everything sent to the domain 'dmarien.com', I'll sometimes get upwards of 100/day.

    Also, if anyone has a qmail server setup in this manner please let me know how satisfied they are with it's performance, and whether they get complaints -- and even if spam get's through -- i'd love to know.

    • Yes! See my other post about TMDA [sf.net] in the comments. It does exactly this.

      By the way, your potential abuse is not as bad as it sounds. The spammer would need to use a valid return address in order to receive the confirmation. This means they could be tracked and stopped, etc. The most serious problems with SPAM right now are how there are so many open-relays and that addresses can be spoofed.
    • I forsee a potential abuses for this though. Annoying "spam bots" could learn to decipher the first automatic reply containing the code and then automatically send the spam, and contain the code which will allow the mail server to recieve the mail.
      One of the primary charactaristics of SPAM is bogus From: and Reply-To: headers. If replies were actually recieved by the bot it would be an improvement.

  • by Anonymous Coward
    If you'll trace the messages 99.9% of the time it's not from the return address (which is usually hotmail or yahoo). So simply blocking yahoo and hotmail seems kind of wasteful. Simply look at the black lists of open relays. They are the problem.
  • SPAM (Score:4, Funny)

    by !splut ( 512711 ) <sputNO@SPAMalum.rpi.edu> on Friday July 12, 2002 @12:46PM (#3871582) Journal
    Ever since my friends started filtering out spam none of my emails get through to them. Such is the life of a Hormel Foods employee...
  • One filter thought I was sending spam because I sent a message to myself and then CC'd all of the other recipients.. the filter was triggered because the recipient wasn't in the "To:" line... another idiotic filter flagged me as spam because I sent a message to a listserv which forwarded my message...

    There are way too many dumb and lazy programmers out there! They should spend more time thinking about their code and less time reading slashdot :)
  • hell, today an email addressed to me, from someone in my address book, got dumped into the "Junk Mail" folder, presumably because the body contained the words "bachelor party". Y'all gotta remember to check those spam folders every couple of days...
  • Spam Assassin (Score:4, Informative)

    by Pengo ( 28814 ) on Friday July 12, 2002 @12:48PM (#3871599) Journal
    I have been getting close to 20-30 spam messages per day, my well.com account was the worst.. but the problem with just dumping a couple of my email accounts is I just went through an international move and I don't want to miss any messages from friends in Europe.

    A few weeks ago I saw mention of software called spam assassin. After about 2 hours of playing, updating CPAN modules on my Mandrake box in the closet, getting fetchmail and sendmail configured/installed.. I must say, the pain of getting it going was WELL WORTH the effort. I now have almost 0 spam get through (not a single one yet). I have setup IMAP on that server, and have all my email going to that one spot.

    Spam Assassin is pretty neat, it tags the top of the message with reasons why it thinks it's spam. Some of it's comments are funny as hell.

    Sample reults:
    SPAM: This mail is probably spam. The original message has been altered
    SPAM: so you can recognise or block similar unwanted mail in future.
    SPAM: See http://spamassassin.org/tag/ for more details.
    SPAM: SPAM: Content analysis details: (12.8 hits, 5 required)
    SPAM: FROM_NAME_NO_SPACES (-0.1 points) From: no spaces in name
    SPAM: AS_SEEN_ON (2.2 points) BODY: As seen on national TV!
    SPAM: CLICK_BELOW (1.5 points) BODY: Asks you to click below

    Anyway, fetchmail + spamassassin is well worth the effort.

  • by PissingInTheWind ( 573929 ) on Friday July 12, 2002 @12:49PM (#3871603)
    Have a look at this:sick guy [com.com].

    and maybe even sicker: taking spam as if it was legitimate and interestig: link [com.com].

    And for the record, that fat-ass-online-marketer-who-loves-spam's email is BDennis410@AOL.com . Make sure you make him happy and forward all kind of nice business and penile enlargement opportunities to him.

  • I still have to ban domains like yahoo.com, hotmail.com, mail.com
    I don't know about hotmail.com or mail.com, but Yahoo is pretty good at keeping its accounts from being used to send spam. It's true you see "yahoo.com" in a lot of spam headers, but these are almost always forged. And forged headers are pretty easy to detect. I'm suprised your filters can't tell the difference.
  • Banning .cn (Score:5, Funny)

    by JoeBuck ( 7947 ) on Friday July 12, 2002 @12:54PM (#3871649) Homepage

    Q. How can the Chinese authorities get around the fact that the Great Firewall of China is doomed to be imperfect?

    A. Get all westerners to ban .cn as spam. Then Chinese dissidents will be unable to communicate with the outside world.

    • It's a myth that banning .cn spam is hurting dissidents. They can still surf the web and use 3rd-party web-based email. I ban all email from all Chinese, Hong Kong, Japan, and South Korean IP address blocks. I still get email from Chinese asking for technical help (Solaris on Intel and what not), which I answer.

      As for dissident email, I never received any and don't expect to. I'm sure the few Chinese dissidents are beaten down quickly and probably communicate with others who can help.

      Hopefully, the Chinese will wake up and realize that to be responsible Netizens, they shouldn't be spam generators for the rest of the world.

      • According to a usenet post from what seems to be the only China admin who has been taking the issue seriously, China Telecom is finally waking up to the fact that SPAM IS BAD. Evidently it took legal papers from overseas delivered to their headquarters before they decided to take a look at the problem. Whether this means that they'll do something about the spam is another issue...
  • I've been using a beta of Cloudmark's SpamNet [cloudmark.com] for about a month with no false positives. Seems to do a good job, plus you can mark SPAM that you might get and it will update it on everyone's (that is using SpamNet) spam signatures.
  • SpamCop chain test (Score:4, Informative)

    by Animats ( 122034 ) on Friday July 12, 2002 @12:56PM (#3871668) Homepage
    One of the better features of SpamCop is the "chain test". SpamCop's header parser looks at all the "Received:" lines and figures out which ones are fake. It matches DNS names and IP addresses, and checks those "Received A from B", "Received B from C" relationships. The point at which the chain ceases to be valid identifies fake headers.

    This is essential if you want to report spam to the sender's ISP. Otherwise, you report addresses being abused by spammers. It's also a useful filtering tool; an e-mail with inconsistent headers is probably spam.

  • by GGardner ( 97375 ) on Friday July 12, 2002 @12:57PM (#3871673)
    I get a ton of junk mail. Who doesn't? It usually gets tossed, unopened. Every now and then, I've tossed non-junk mail, as it looked like junk mail. It would be interesting to measure this "cost" of junk-mail.
  • I have had my yahoo.com e-mail address since they offered it YEARS ago. For a while I used it as a SPAM trap and just deleted the whole thing periodically. I finally decided I wanted to use it and have set up a number of filters to take out crap.

    Stuff like "Casino", "Porn", "u.n.i.v" in the subject and china.com, and .br (since for some reason I've been getting hit from Brazil) in the from line all go to the Trash.

    Is blocking entire domains and nations blocking out potential legit e-mail? Yep, sure is! Am I losing sleep? H3ll no! Look, I'm very sorry if you're unable to do some things on the net b/c you're domain is blacklisted, but that's just too bad. Then complain to your ISP to do something. If enough people scream to their providers to do something, the ISPs will HAVE to do something or else lose users and hence - business.

    I'm not going to endure the kind of garbage I have in the past. As for legit businesses that get blacklisted, well, as the article said, it was resolved in a day...

    One thing that is interesting is Yahoo!s little feature of marking a message as SPAM. Apparently, they review it and use it to update their filters. I'd be interested to know how well it works...

  • I've had a number of people complaining about spam email originating from our server. A quick look at these emails from somebody who knows "a little something" about email shows that the email was an almost guaranteed forgery...the mail servers that relayed the message had nothing to do with us, besides which the user does not exist on our servers and the domain they sent from belongs to developers I know wouldn't fool with this stuff.

    And yet, the damage has been done. These users don't trust me as a provider even when I explain how we lock down our server & prevent spam. They don't trust our domains, which means they block the ip -- an ip which may be mapped to 50 or more virtual sites. And all of this because our domain was the root of it all...a simple forgery that no email client really checks for validity because internet mail is designed to bounce anonymously from server to server. I've gotten spam that was "sent" from my own email address...which is silly, because why should I trust a company's services when they try to convince me _I'm_ marketing to myself?

    What email needs is a set up like SSL -- a trusted third party to verify the validity of an email from a key generated by the sender when the receiver gets the mail. If the sender proves to be a spammer, the third party drops support...and charges a large fee for breaching a contract. We need this to occur without unwieldy programs (PGP) or user eductation...just some way to get a lock in the corner of a user's screen to let them know for a fact that user X sent message Y, and that if it was unwanted they have a recourse.

    This new "Secure mail" could become popular very quickly, as many companies that communicate solely over email could use the security that nobody can send an email as ceo@trustycorp.com without the server's permission. The key is ease...SSL may have its problems (certs kind of expensive, monopoly of cert providers due to reliance on deals with certain monopolistic browsers, slowwww responses) but it has become a mainstay of secure communications for people who understand it (unlike my wife, who despite a BS in chemical anthropology believes that submitting her credit card via SSL over WEP 802.11b means a guy with a ham radio can read her number, so she places orders via cordless phone instead). Mail hasn't significantly changed in ten years...maybe it's time for smail!
  • ORDB is the Answer (Score:3, Informative)

    by DaveAtFraud ( 460127 ) on Friday July 12, 2002 @01:02PM (#3871712) Homepage Journal
    ...but I still have to ban domains like yahoo.com, hotmail.com, mail.com
    My e-mail address was recently harvested by a spammer. I started getting SPAM from the listed domains but the only problem was the mail didn't show up as from yahoo, hotmail or mail in my mail log. Turns out the spammer was forging the return address and sending through an open relay. So I learned about how to set up sendmail to filter incoming mail through the Open Relay Database (ORDB). That particular spam problem has now disappeared. It helps when you run your own mail server but if I can figure this out in less than a day then a paid sysadmin at an ISP, company or school should also be able to do it.

    You can find out more about the ORDB here [ordb.org] and this site [wirehub.nl] has very simple instructions for setting up sendmail to use the ORDB filter. Sendmail.org [sendmail.org] has quite a bit of additional stuff you can do to filter SPAM and still let legitimate e-mail through. ORDB also has solutions for people who don't run their own mail server and just connect someplace with a mail client to get their mail.

  • by Anonymous Coward
    after filtering the Content-Type: for ks_c_5601-1987
    (upper and lower case) I havnt recieved an asian spam mail, given that I used to get 20+ asian spam a day this helps a lot. In Outlook you cant(I think) filter on specific headers, but filtring on all Headers should do.

    my $0.02
  • TMDA (Score:5, Interesting)

    by infiniti99 ( 219973 ) <justin@affinix.com> on Friday July 12, 2002 @01:10PM (#3871757) Homepage
    (this is similar to a comment I posted to the other recent fax SPAM story. it has been expanded.)

    I highly recommend using TMDA [sf.net] on your mail server to defeat SPAM. It works by maintaining a whitelist of valid senders. If someone emails you and they are not in the whitelist, then they receive a confirmation request email. They must reply to it in order to be added to the whitelist (at which point, TMDA will deliver their original message, and allow all new ones to pass through). No having to report SPAMs, no worry of maintaining a never ending blacklist. No blocking of entire domains, no having to "sort through the spam periodically". TMDA does it all for you, putting a minor inconvenience on first-time senders.

    The end result is that I get no SPAM. Zero, zlich, nada, not one -- with no effort on my part.

    I believe there are other packages out there similar to TMDA that you may want to try. Regardless, I'm convinced that a whitelist-centric strategy is the way to beat SPAM.

    Note: You still must take into account mailinglists or other situations where you are going to receive mail from an unknown source that won't be able to process the confirm request (such as some online purchase confirmation), and this is where qmail aliases can come in handy. Ie, justin-linux, justin-sears, etc, and just throw them away if you ever get SPAM. TMDA even has some features to help with this, such as hash-generated addresses that self-destruct after a period of time.

    Still, for all other purposes you can keep your normal address. No need for SPAM armoring ever again :)

    • Re:TMDA (Score:4, Funny)

      by mjh ( 57755 ) <[moc.nalcnroh] [ta] [kram]> on Friday July 12, 2002 @01:33PM (#3871917) Homepage Journal
      Yeah, since I started using TMDA, I've had a mild case of depression. Besides mailing lists, I never really get any email. I used to be able to delude myself into thinking people liked me because I got so much email -- but it was mostly spam. So, apparently, I'm not that popular!

      So be careful if you choose to use TMDA. It might impact your ego.
      • Yes, I noticed this too. I tend to check my mail very frequently, and not much is there these days. Maybe I should install a biff of sorts..

        Still, it does feel good to be able to say, "I don't get SPAM, period." Oops there goes my ego.
    • TMDA does have a disadvantage over blacklists: it doesn't reduce wasted server bandwidth. Not only do I want to keep my INBOX neat and tidy, I also don't want spammers to usurp the bandwidth that I pay $$$ for.

      Blacklists would allow my MTA to reject the email before the body is even sent. TMDA receives the body, stores the message and attempts to send a confirmation request to the spammer, all taking bandwidth.

      TMDA is ideal if nobody cares about bandwidth utilization, but today spam is costing me more. If traffic continues to grow at existing rates, spam will account for more traffic than my web services in a matter of months.
      • Good point.

        Perhaps the ultimate SPAM-killer would be some combination of the two. Blacklists to prevent bandwidth loss, and whitelists to kill anything that slips through.

        I assume it's pretty easy to chain MAPS before TMDA in my qmail setup, maybe I should look into it.
      • You can rather easily set tmda to auto-blacklist any of the people who don't reply. You'll use the bandwidth for the first message but not the second.

        I like it this way, I'm not in a very big worry about bandwidth and this keep my inbox sparkling clean, but also does save some bandwidth and processing time.
  • New approach (Score:2, Insightful)

    by Rupert ( 28001 )
    Maybe we could get a mainstream news source to report that terrorists are using spam to communicate with each other. That would get it banned instantly.
  • by RobinH ( 124750 ) on Friday July 12, 2002 @01:18PM (#3871809) Homepage
    When I was in university and making web pages and stuff, I used to get tonnes of spam. When I posted to newsgroups I got tonnes of spam. However, these days, I just have two addresses... one for personal email, and the other for work email, and I rarely ever get spammed.

    My personal email address is a yahoo account, and work email is provided from the company I work for. I give out my email addresses to friends and lots of contacts from work (and it's printed on my business cards).

    I NEVER do these things:
    -post to newsgroups with a real address,
    -put my personal address on a website,
    -give a real address when filling out surveys, etc. online
    -sign up for newsletters
    -give my email to anyone who asks over the phone ("Sorry, I don't have a computer, but yes, I'd like to order that CD-ROM drive")
    -give my email address to Radio Shack
    -enter my personal info into my browser

    Basically, I just refuse to allow my email address to proliferate. If I do happen to get spammed, I just don't reply, and it tends to go away, but it's really rare anyway.

    Of course, if I ran a website, I'd create a unique email address just for that purpose, and I'd expect to have the sh!t spammed out of it, but at least it would be separate from my real addresses.
    • Your technique won't work. If you give your address to friends and family, they will either send a forward (which ads your email address to the headers and is picked up by spammers) or get a virus, which can also pick up your email address. And anybody running an SMTP server that records email addresses could harvest you for spam.
      • Your technique won't work.

        It has for (literally) years.

        If you give your address to friends and family, they will either send a forward (which ads your email address to the headers and is picked up by spammers)

        I guess I don't tend to forward jokes. I've seen them all, and tend to believe that most of my friends/colleagues have too. My friends also know that I don't like getting forwards, so they tend not to send any to me. The few that do have caved into putting me on the list as a Bcc.

        or get a virus, which can also pick up your email address

        As has been pointed out in other discussions, when you don't use MS Outlook, you don't get viruses.

        And anybody running an SMTP server that records email addresses could harvest you for spam.

        Fortunately, Yahoo seems to be pretty good about not doing that (and not selling my address in general, unlike other web email [hotmail.com] services).

        Back to my first point... it HAS worked. I didn't say I don't get any spam, just that i get NEARLY none.
    • Right now some poor guy named "HomerSimpson@aol.com" is getting pounded with spam.
    • If you don't get spam how will you ever learn how to "MAKE MONEY FAST!" or how to "ENLARGE YOUR PENIS!"?
  • The only viable legislative solution I see is to require all senders to pay a small fee for every message they send out. No bulk deals, also.

    It would not eliminate spam, but may greatly reduce it.

    The fee should not affect the cost of services if you are not a spammer ISP because you will get the senders' revunue to pay for accounting efforts.

  • by FearUncertaintyDoubt ( 578295 ) on Friday July 12, 2002 @01:25PM (#3871863)
    "Their philosophy appears to be that if innocent businesses and individuals on the periphery of spam-house blocklists are affected, then those innocents will have no other choice but to pressure their upstream provider to remove the spammers from their blocks, thereby solving the spam problem bit by a bit. Draconian, yes. Effective? Sure."

    Absolutely. Without pitting customers of ISPs against each other, i.e., the legitimate ones against the spammers, the ISPs will be happy to serve both. I'd suggest that if an ISP allows any spamming, block it -- wholesale. Either you have an agressive policy against SPAM or you lose your privilege to send mail to my servers. Your customers don't like it? Tough. Make your network spam-unfriendly.

    The last thing the ISPs want is for their regular customers to be aware that they are allowing spammers to use their network. It's kind of like the phone company selling caller ID block to telemarketers and caller ID and privacy manager to residential customers. If the spam blacklists cause users to confront the reality that their ISP is knowingly hosting spammers or not bothering to monitor people sending out 10e+06 emails at a time, then they might just demand that their ISP get out of the spam business. Because unlike (most) telcos, ISPs don't have monopolies, and customers can switch.

    • Absolutely. Without pitting customers of ISPs against each other, i.e., the legitimate ones against the spammers, the ISPs will be happy to serve both. I'd suggest that if an ISP allows any spamming, block it -- wholesale. Either you have an agressive policy against SPAM or you lose your privilege to send mail to my servers. Your customers don't like it? Tough. Make your network spam-unfriendly.
      Sadly, for some strange reason the people who get blocked seem to think it's because of some action
      taken by the maintainer of the block list.
      No matter how often you repeat the statement that's it's their ISPs fault, they still think it's because you listed them.

      -- this is not a .sig
  • Sign your mail! (Score:2, Interesting)

    by Viceice ( 462967 )
    I think the solution to this is something we have implemented with care in the real world regarding our mail, but somehow failed to do in our e-mail.

    Think of a real world companies mailroom. Say it's a big company that gets thousands of letters each day. Some of it is business related and is important, some 'thank you's and 'well done's from customers, some 'your stuff sucks' also from customers and lots and lots of junk/spam/flame that is only good for recycling.

    Sorting out all the mail takes time, so how do you make sure that the legit mail gets to you quick and the Spam stays in the Spam basket? Well you send registered mail. See, we know that certain mail is important when someone takes the trouble to take it to the post office and register it and pay more for it's delivery or call a courier to do the same. It's all barcoded so we can scan it, see who it's from and build a "trusted" mail list and rush it through.

    Sound familiar? You bet! But the trouble is almost nobody beliefs in PGP signing their e-mail. All our mail programs can do it, but we just don't. Imagine, if it were that every piece of mail sent is signed, all we need is a simple filter to see what is spam and sort it out, dead on, with no legit mail getting junked.
  • by bwt ( 68845 ) on Friday July 12, 2002 @01:37PM (#3871944) Homepage
    It seems to me that most spam leverages flaws in the email protocol. The ability to spoof an email address and the lack of built-in and automatic digital signing both enable spam to flourish.

    Perhaps its time to write a completely new email protocol that supports these features.

    I don't think it's so much to ask that when an email header says its from joe_blow@yahoo.com that it really is from that address. I understand that this would cause anonymous email to be impossible, but it should be the recipient's choice as to whether they want to use an email protocol that allows spam and anonymous mail or not.
  • Don't blame the spam filters for not being perfect. No matter how intelligent these programs get they will never be perfect. Even if you hired someone to go through your mail box every day, that person wouldn't know what you consider spam and what you want to read. For example, if an old friend you hadn't talked to in years sent you a job offer, that would kind of look like spam, but you would still want to read it. Anyway, these spam blocking programs are much better than nothing.
  • I personally check my spam folder many times a day, so it's no big deal if I get a false positive from spamassassin. "But what's the point in a spam filter at all if you check it all the time", you ask? For me, the annoyance of spam is getting interrupted by the delicate chimes that announce your new mail, and then racing excitedly to your mail app only to discover that a HOT TEEN is waiting for YOU! I don't mind sorting my spam folder, so long as it's on my time and not interrupting something important. I usually do it anytime I get any legitimate mail, so it's rare that there's more than 1 or 2 emails in the folder. A false positive will usually just result in delaying me from reading someone's mail for a few hours.

    If I got so much spam that this system became unwieldy, I would probably set up several spam folders corresponding to the spam level assigned by spamassassin. Anything between 2-5 would go in a folder that I check whenever I get a real email, because a false positive is almost guaranteed to be below 5. Anything over 5 is pretty much guaranteed to be legitimate spam, and I would check that every few days. I don't do this, however, because I simply don't get the 100+ spam emails a day that the ./ editors claim.
  • Bottom line -- Spam (and the tools required to fight spam) are the biggest reasons we will still be using stamps and snail mail in the years to come. Spam has taken the "killer app" of the information age -- and crippled it beyond use.

    It's a catch 22 because if you don't filter spam the signal to noise ratio is way to high to make email a valid source of legit communication. If you do filter -- the better you filter, the higher the chance of important bits going to /dev/null. I would go into more detail -- but one look into most mail boxes that have been around the internet for long would speak louder than a thousand words.
  • by Caradoc ( 15903 ) on Friday July 12, 2002 @01:45PM (#3871995) Homepage
    "Recent complaints about blocklists have come from companies and organizations, including British Telecom, the Libertarian Party and News.com publisher CNET Networks, among others."

    btinternet is complaining about getting blocked because they don't bother to nuke their spammers. CNET doesn't verify e-mailed subscriptions, so just about anyone can sign someone else up.

    Is it any wonder that they're complaining about being blocked?

    "Well-researched" my ass.
  • I wish there was a way to reduce the collateral damage caused by blacklisting. Then again, sometimes it's intentional. Take me for example. I've gotten more spam from Broadwing.net customers than I've ever gotten from anyone else. Broadwing.net doesn't give a damn about it either. I've LARTed them many times with spam. They don't even auto-ack you. Because of their in-action, I've blacklisted every broadwing.net netblock I can find. I want to get their attention by hitting them where it counts, their bottom line. I listed them with the intentions of a) stopping their spam, and b) getting their customers to complain about their inability to send mail to me and find out the real truth for themselves. There's no other way to get through to Broadwing unless your state has an anti-spam law that also finds fault with pro-spam ISPs. Then I have to sue which costs me time and money. This is really the only method of getting their attention. The collateral damage I'm creating by doing this is intentional. Most DNS blacklists don't do this. Some do though. The RBL will through a lengthy nomination process. SPEWS does it when all else fails. I use SPEWS. I also use their tactics. When I LART spam to an ISP numerous times and never hear back, or while researching spam I see that an ISP has been LARTed by other anti-spammers many times, I'll consider blacklisting them. I try to give them the benefit of the doubt though. Broadwing used up all their benefits and obliterated all my doubts long ago.

    All that said, I think that collateral damage is acceptable in most cases. I think there's a reason behind it that some don't grasp right away. When you've LARTed an ISP a dozen times over one IP or one of their customers and they haven't done jack about it, you'll understand the usefulness of collateral damage.

    My $.02

  • Overkill (Score:2, Informative)

    by Jobe_br ( 27348 )
    Killing of all mail from yahoo/hotmail is pretty severe. Many, many people (who might have other legit addresses) maintain yahoo/hotmail addresses for when they're on the road. Many other people who want to keep the same address, regardless of what ISP they're using at the moment also use Yahoo/Hotmail. I recently did a search through a client's newsletter subscription database (to compile a list to send the newsletter out to) and over 50% of the addresses were either yahoo or hotmail domains.

    I don't see why (with SpamAssassin) you would need to be so draconian. SpamAssassin catches all my spam, regardless of where it originated. If your installation isn't catching what you consider spam, adjust the rules a bit. There's a lot of good documentation on how to do this and it isn't real hard (mine seems to be working fine, out-of-the-box). Now, its very possible that a person would get legit email from yahoo/hotmail addresses that they simply don't *want* to get ... fine, but that's not SPAM.
  • Hey, tough shit.

    My personal solution to SPAM is to ban all e-mails from anyone I don't know. If I get an e-mail from someone not on my address book or accepted e-mails list, its automatically deleted before I see it.

    This requires actively maintaining a list of e-mails, but it is fool-proof for elminating spam, and won't filter out many legitimate messages from people you WANT to get messages from.
  • by joeldg ( 518249 )
    Buy a new domain. Start receiving 60 spams per day on each email, even though you have not posted them anywhere yet. Start reporting them to spamcop.net for some reason spamcop decides that it is a good idea to check the box next to *your* service providers name automatically. Sends report to my service provider. My service provider in getting so many of these all the time, don't bother to look at them and realize I am the one reporting this crap. My domain hosting is turned off without warning or even an email explaination of why. Total time.. one week. On a bright note, I talked with them and they went and looked a the reports and realized the error and turned my account back on within one hour. But still.. this should *not* have happened.. Yea.. Collateral damage (to myself)
  • I'm not sure about everyone else, but a good 90% (or more) of my SPAM comes from Asia Pacific networks. In order to combat this, I have used the access_db feature of Sendmail to block these off.

    Over the past week since I've done this, I've blocked in excess of 100 pieces of SPAM from my INBOX. It seems to be working very, very well. You can read the article I wrote on how to accomplish this right here [thelinuxpimp.com]. The article just discusses the access_db file, but the comment right below lists the networks that I blocked.

    I'm well aware this solution will not work for everyone, but for my needs, it has been a godsend.
  • If you insist on using the terms "incest", "enlarge your penis", "make money fast", or "you requested to receive e-mail" in your personal correspondence then use encryption and sign your email so you don't get filtered out. If you are on a node that is blacklisted then either complain to your provider or move to a more responsible one.
  • Someone mentioned TMDA, which is basically similar to the system I use.

    Here's my system.

    1. Make a comprehensive address book, listing all known contacts and companies you want information from.

    2. Set up a filter to let any e-mail through which is in your address book or allowed senders list, OR to allow any e-mail through which has your "ok password" on it (i.e., anything with "32dje573hkjd3k:" is let through), unless an exception is noted.

    3. Set up a web page which displays your "ok password" as a GRAPHIC IMAGE, not a text image.

    4. Set up a filter such that any e-mail not from a known contact or without your "ok password" on it is automatically deleted, and a message sent back to the originator, "Your e-mail has been automatically deleted from that person's account, as you are not a trusted source. If you want to sent that person a message, go to http://www.persons-webpage.com and find his 'ok password'. Put his 'ok password' on your message title followed by a colon and the rest of the title, then re-send the message. The person you are trying to e-mail will then receive your message and evaluate whether or not your are a trust-worthy source. If he decides you are a spammer, flamer, or anything else of the kind, he'll take further measures to avoid getting e-mail from you".

    5. Anyone who's a legit e-mail sender will do this. Then you can get their messages and add their e-mails to either your address book or "accepted e-mails list". Some spammers may do it to, but these will be few and far between; and then you can filter them out specifically.

    APPENDIX: A note on your "ok password". Your "ok password" should NOT be static. It should change daily; and there should be multiple "ok passwords" daily which will be randomly displayed to each different user who enters the site. Use a random password generator to generate different passwords at various intervals, convert the text to a jpg graphic, and post it on your web-page.
    • An alternate solution is simply to set up a random response system such that each "non trusted source" is sent an e-mail with your "ok password on it" but the "ok passwords" are generated dynamically and randomly by a random password generator, and each "ok password" is linked to a specific e-mail address, and will only work if used in correlation with that e-mail address.

      To accomodate for potential contacts who may change e-mails rapidly, you may want to create one master "ok password" and give it only to people who your really trust. This would be a convenience for them when switching e-mails; however, it is a potential security flaw.
  • How else can you boycott the ISP w/o collateral damage? SPEWS does not list the ISP, and hence, no collateral damage, until the ISP has had plenty of time to cut off the spammer. In order to increase the level of pressure on the ISP, more of their address space has to be listed to "encourage" them to cut off the spammer. The usual first listing is the whole /24 the spammer is in (if they weren't doing it from the whole /24 in the first place). Maybe they will start listening once their own customers complain (and that's the proper place for the customers to complain to, their ISP). If they continue to ignore the problem, then eventually the whole ISP will be listed. If it's a multi-level ISP, their upstream starts to get listed, too.

    The philosophy SPEWS appears to be using, and one I now agree with (previously I did not, but sometimes my opinions do change ... hey, I'm open minded), is that the spam problem will not go away by blocking only the spammers. ISPs have to play a part by not signing up known spammers, and cutting off spammers that got signed up because they were not known at first. Blocking spammers alone will be a never-ending battle because then there is no incentive for any ISP to turn them away and they just keep moving around to evade the blocking. To end spamming, the ISPs have to quit offering them services, or we have to quit accepting traffic from the set of ISPs that do harbor spammers.

    It looks like collateral damage, but it's just another form of boycott. If I organize a boycott against my local newspaper, then the advertisers suffer because fewer people read their ads. And such boycotts are known to even extend to boycotting the advertisers if things get bad (and spam right has gotten very bad already). Is that fair to the advertisers? Of course not. But that's the nature of the activity; it is, among other things, trying to encourage the advertisers to cease advertising there. So in the same way, by boycotting a whole ISP address space, the idea is to encourage their customers to change to another ISP, until the ISP changes their ways.

  • by btempleton ( 149110 ) on Friday July 12, 2002 @05:01PM (#3873481) Homepage
    What amazes me about the spam fight is how much it has led people to promote the idea of punishing the innocent in order to get at the guilty.

    People who would have fought with vigour against punishing the innocent in other fields seem willing to give it up, in of all places, the free speech question of who can email whom.

    Yikes. We are willing to let murderers go to make sure we don't punish the innocent. Yet for some reason spam makes people think it's OK to trample on the free speech rights of the innocent to get not a murderer, but a spammer. I hate spammers as much as anybody -- I get 120 per day -- but let's keep them in perspective.

    The most common justification is the canard that it's not about speech it's about property. Problem is all use of the internet involves using somebody else's property. On the internet there is no speech without the use of other people's property, and thus no unsolicited communication without the unsolicited use of somebody else's property. This makes it very tough to solve by thinking of it as a property issue.

    There are other, better methods that don't generate false positives or generate extremely few. I've written extensively on them.

Nothing ever becomes real till it is experienced -- even a proverb is no proverb to you till your life has illustrated it. -- John Keats