Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

As the Spam Turns 408

Anonymous writes "The SBL has added Verio's corporate mail servers to its blocklist which protects nearly 100 million mailboxes, because of the number of spam gangs on the Verio network. Verio also provides connectivity to AS26212, a collection of 9 of the most notorious spammers netblocks. AS26212 - the new spambone? - is also connected to he.net and bbnplanet.net."
This discussion has been archived. No new comments can be posted.

As the Spam Turns

Comments Filter:
  • by Anonymous Coward
    We need our royal crusader, Spamford Wallace, to fight spam as he promised to do after being bitch-slapped for his own spamming crimes.
  • Oh no! (Score:5, Funny)

    by Yoda2 ( 522522 ) on Sunday November 17, 2002 @11:42PM (#4694196)
    Now how will I know the best way to enlarge my penis or get that degree from a fine, unaccredited institution?!
  • by shaitand ( 626655 ) on Sunday November 17, 2002 @11:44PM (#4694213) Journal
    To see the spammers win and block legitimate sites to stop the criminals is well... criminal. Isn't that what all of us who believe in freedom are supposed to be fighting against. I hate spam as much as the next guy, but I'd rather see every spammer run rampant then restrict even one innocent party nobody cares about.
    • by d2ksla ( 89385 ) <krister@k[ ]ger.com ['mla' in gap]> on Sunday November 17, 2002 @11:54PM (#4694278) Homepage
      but I'd rather see every spammer run rampant then restrict even one innocent party nobody cares about.

      In the comment from Spamhaus it is clearly stated that only the Verio corporate mailserver is blocked in order to protect their ISP users.

    • I'll second that. Folks, let's face the facts: there are tons of people out there who have no clue what they signed up for, and then buy automated spam reporting software. Sites where someone legitamately signed up are then painted with a VERY broad brush as spammers by idiots who then assign everything in their e-mail box as spam.

      I've had people sign up to get info from a site i run, and upon receiving the first e-mail that they explicitly requested, write back in all caps "HOW DID YOU GET MY ADDRESS??? STOP SENDING ME THIS!!!"

      Couple that effect with vigilante spamblock operations (whose haughty tone assumes EVERYONE reported to them is evil) and you have people being slimed who are doing legitimate business on the web.
      Yes, I agree people who forge headers or don't properly cull lists are negligent. They are buffoons who should be blocked. But hey, what are you going to do, block yahoo.com?
      • by Ilgaz ( 86384 ) on Monday November 18, 2002 @01:02AM (#4694595) Homepage
        I don't believe a single word of you. Your URL, which is some sort of affilate ID makes me think different stuff than the thing you said.

        What is "your site", if its "your site", you are CEO of Reozone.com? If thats true, do you affilate with them?

        Let me tell the real story. You had some sort of an innocent mailing list, than you sent that reozone.com URL with your affilate link to them.

        Oh blocking Yahoo.com? gmx.de blocks them, Novell Myrealbox blocks their mailing list service because of non-serious abuse policy (even they are a potential huge customer). Also, when a yahoo mail user spams you, I have a record like, 2 hours later his account has been deleted.


      • How about facing this fact.

        ISP's that don't do something to combat spam are going to have customers leave over it.

        There are other ways of maintaining the list. I have heard the arguements many times, but fundamentally, its up to the sender to be certain that the recipients want to receive the email.

        First of all, is the sign up process a Double Opt-In [everything2.com] process? A pita to implement if it isn't done already, but good luck keeping an accurate list without it. It also helps establish a trust with the people who want the mail. 99% of the spam I still get claims that at some point in time I signed up for this list.

        Secondly how active is the list? Someone signing up for a list that doesn't generate any traffic for 6 months is a sure way to have people think your spamming them, even if they did actually ask to be on the list.

        As far as the spam lists, I've had to deal with there overzealous behaviour as well. They block mail servers that have an open relay hole in them very fast. The more zealous the site, the less likely I am to use the list. No ISP is doing their customers a service by using lists that are ready to block every IP out there and damn them to hell for ever.

    • That "innocent party" should find a good provider with STRICT anti-spam policies than.

      If you do business with people who has no respect to others, you deserve it. Kind of.
    • Verio earned this, though. If they harbor this number of spammers, they can become like AGIS: Bankrupt and out of business. They steal from every ISP on the planet. My inbox is not their advertising space.

      When spammers pay me for the privelege of advertising in my box, then we'll talk business.

  • by I Am The Owl ( 531076 ) on Sunday November 17, 2002 @11:45PM (#4694215) Homepage Journal
    That's just what the Internet needs. When will ISPs decide, or be forced, to stop playing Big Brother and let the users make their own decisions about what to filter? The technology is out there, in the form of Bayesian filters, and is nearly perfect. So why do we still have to deal with upstream providers knowing what's best for us?
    • by Uma Thurman ( 623807 ) on Sunday November 17, 2002 @11:48PM (#4694239) Homepage Journal
      Nobody's stopping you from getting spam if you want it. Calling this censorship is completely and utterly misunderstanding what censorship is, and what a blocklist is.
      • This ISP is stopping it's customers from getting spam. That is the whole point.

        It is censorship.
        • The customers have alternate means of getting the spam.

          The ISP is private property. The owner of property can say who speaks on that property. An analogy: If you come to my house and stand on my lawn and start talking, it is NOT censorship for me to tell you to get off my lawn if you're going to talk. You're perfectly free to talk somewhere else.

          • Well, maybe if ISP's had an opt-in feature for their customers.Maybe they did contact all of their customers and explain this new "feature" and gave them an option - I'm guessing not.

            I'd rather have an ICP (connection) than an ISP any day.
        • Nope, if you read the article you'd see that just the corporate mail servers were blocked (like other posters have already pointed out) Their ISP mail servers we not touched. Nothing gets a point across to a CEO like suddenly having your email blocked.
      • by kgasso ( 60204 ) <kgasso@blort.STRAWorg minus berry> on Monday November 18, 2002 @12:59AM (#4694580) Homepage
        Exactly. We get users bitching and moaning about spam, and what are we going to do -- ignore them and let them take their business elsewhere? We are taking the route of designing a crap filter the users can configure, and select which BL's to use -- all based around procmail and SpamAssassin. User doesn't want any filtering? Okay, easy enough for them to disable it completely.

        I don't want to sound like a callous jerk, but it doesn't sound like the original poster knows what it's like having thousands of users screaming for some sort of server-side spam filtering. For their $18 or whatever a month, the majority of them want their ISP to do something about the viagra/pr0n/MMF spam in their mailbox. ISP's just need to make the right decision in letting the users decide if they want filtering or not. Users can always go elsewhere if the ISP wants to enforce filters the user doesn't like.

        My $.02 USD.
    • When will ISPs decide, or be forced, to stop playing Big Brother and let the users make their own decisions about what to filter?

      I specifically choose ISP that follow spam black-out lists. Makes my life a lot easier. It's my choice to choose my ISP.

      Kids with their Yahoo! or Hotmail account usually don't care about spam, but I do, because each piece of spam causes me to loose billable time.

    • This isn't so much censorship as it is removing a source of unwanted, unsolicited mass mailings. In many states, this is illegal, especially when it comes to telephones. I personally really like the fact that this might possibly remove a source of spam from being able to deliver to my email account.

      Besides, if they decide to take the initiative and prevent this sort of thing from happening, they can be reinstated. Sounds good to me.
    • by Frater 219 ( 1455 ) on Monday November 18, 2002 @12:03AM (#4694338) Journal
      The technology is out there, in the form of Bayesian filters, and is nearly perfect.

      Bayesian filters, SpamAssassin, and other client-side content filters can indeed reduce the amount of spam that you see. As such, they can reduce some major costs of spam for the average Internet user, small site, or business: costs such as annoyance, offense, wasted time, and harm to productivity thereby caused -- that is to say, the end-user costs of spam.

      However, they have no effect on the cost of the bandwidth and other resource costs of spam, which are substantial for large ISPs and large businesses -- and for the Internet as a whole. In order to perform content filtration on a piece of mail, you must receive it and store it first, which has its costs. (Consider that large ISPs regularly report that anywhere from one-third to two-thirds of their mail is spam.)

      Only forms of spam filtration which do not permit the spammer to send the spam to your mail server can reduce the bandwidth cost of spam. In practicality, that means filters which apply to one or more of the following (in increasing order of cost):

      1. The sending host's IP address;
      2. The sending host's DNS name or other IP metadata; or
      3. The contents of the SMTP envelope, that is, the arguments to the MAIL FROM and RCPT TO commands, or other sender behavior prior to the DATA command.

      (Note the SMTP envelope is not the same as the mail headers, which are part of the SMTP DATA. An SMTP server is permitted to reject mail before DATA, but is not allowed to drop the connection in mid-DATA. If you do not understand this, read RFC 2821.)

      DNSBLs -- such as SBL, MAPS RBL, and SPEWS -- all apply to the IP address of the sending system. Domain-based rejection lists (which are not commonly published) apply to the DNS name of the sending system. RHSBLs, and relay checking, apply to the SMTP envelope.

      Keep also in mind that one function of some (but not all) DNSBLs is not merely to filter out spam, but to discourage it from being attempted in the first place. By rejecting mail from networks which have proven themselves to tolerate spammers, we tell network operators that if they wish to be able to send us mail, they must kick off their spammers. It's their choice which they do; they just have to choose which is worth more to them: being able to send mail to sites that don't like spam, or being able to host network-abusers with impunity.

      (Incidentally, you will find precious little sympathy for calling spam filtering "censorship". Censorship, as those who have experienced it understand, happens when some party uses violent force to stop a view or expression from being published by its advocates (at their cost). Spammers aren't trying to publish their views at their own cost and being violently restrained from doing so: they're trying to steal the use of others' equipment to publish their stuff.)

      • by CoolVibe ( 11466 ) on Monday November 18, 2002 @12:42AM (#4694514) Journal
        Content filtering helps. The more users use content filtering, the less of the spammers' messages gets seen by the users, and it will make mass-mailed advertising scams profitless, and if that's successful, spam dies.

        Sure, DNSBLs and other blacklists help. They should be used. The content filtering is just perfect for covering that last mile (if spam passes all the blacklisting mechanism). It _might_ deterr spammers from spamming, but I doubt it. Spammer notices that his last mailing bounced, and he uses another open relay.

        If a spammer knows that Bayesian filters and Spamassassin/Razor type content filtering are widely deployed, it will act as a quite effective deterrant for sending spam. Maybe.

        What really needs to be done is EDUCATE isps that an open relay can get you in a whole heap of trouble. Of course many have closed their relays, but a lot still have open ones. Especially administrators in the Middle East and Asia need to be LARTed badly, since that's where 90% of my spam is relayed from. Once all open relays are killed, the spammer has only 2 alternatives, either set up his own SMTP, or use the one his ISP allocated to him. Both are easy to track and put an end to. The spammer would have to register for a new account and the more often that happens, the sooner his/her name will be blacklisted. Heck, if anti-spam laws are legislated, the spammer could end up in jail. Jail is the ultimate deterrent. There's nothing like the prospect of being assraped by Bubba to deterr spammers.

        With respect to the "filtering spam is censorship" comments, well... Content filtering is my way of plugging my ears with my fingers because I do not want to know what you are trying to sell me/scam me into. The DNSBLs are a LART to teach the admins not to run an open relay.

        • by Frater 219 ( 1455 ) on Monday November 18, 2002 @01:44AM (#4694762) Journal
          What really needs to be done is EDUCATE isps that an open relay can get you in a whole heap of trouble. Of course many have closed their relays, but a lot still have open ones.

          "If we close the open relays, spam will go away" is actually what a lot of spamfighters thought five years ago. A common opinion then was that spam was basically a technical problem, like a security hole or smurfing [netscan.org], and that applying the appropriate technical fix to mail servers would prevent it.

          Unfortunately, that hasn't worked. First off, open relays are not the only technical problem that makes spamming easier. Open proxies [monkeys.com] are just as common today -- and worse, since they hide the tracks of spammers. (They're also used by all sorts of other abusers.) Moreover, open proxies are harder to get people to close down, since blocking access from them to mail servers doesn't usually affect their legitimate users -- and thus doesn't draw their attention.

          Second, it has been increasingly realized by most spamfighters that spam is a social problem, not merely a technical one. The problem isn't just that there are abusable resources, but that there are people who are willing to abuse them for profit, and other people who are willing to aid and abet those abusers in order to reap a share of that profit.

          As a parallel, consider burglary. Sure, it is good to employ technical means such as deadbolt locks and alarms to block or deter burglars -- but nobody thinks that burglaries are solely technical problems, and that we should pursue only better locks rather than the arrest of burglars. Burglary is a social problem; specifically, a problem caused by some people's willingness to violate others' rights. We call those kind of problems "crimes".

          Spam is a particularly frustrating crime since anyone who considers the proprieties of the situation can recognize it as lawless, but few legislatures have chosen to formalize its criminality in statute. It's lawless because it defies the property rights of mail server owners, alienating their resources for the spammer's use without permission. That's often covered by statutes regarding theft of service, computer crimes, or various sorts of tort, and there have been a number of cases wherein spamming was recognized by judges and juries as such. However, in many jurisdictions there's no statute to point to that says "spamming is a crime".

          Third, there's also an social-technical problem. There's a small number of crooks who can profit themselves greatly by finding means of sending spam. Each of them has a much greater incentive to locate these means than any individual spamfighter does. This is a social problem in a different sense: insofar as spamfighting relies on discovering paths for spam propagation and getting them shut down (e.g. closing open relays) the crooks are always going to be several steps ahead.

          By targeting organizations and persons known to be sources of spam, rather than the victims they exploit to send that spam, we can get around that problem. The number of large-scale spammers is actually rather few. Steve Linford's ROKSO [spamhaus.org] (Registry Of Known Spam Operations; same guy as the SBL) lists around 100 organizations which have been thrown off of ISPs three or more times for spamming.

          Fundamentally, I agree with you that the problem is one of education. However, it is not merely the education of ISP technical staff that must take place. It's the education of everyone involved -- technical staff, their managers, mail software authors, spammers, the legal system, spam recipients, and businesses that might consider spamming. Everyone needs to wise up about spam.

    • I don't want to filter, I want to block.

      Speaking of spam, I wonder how much bandwidth all the spamcop reporting uses up.

      Basically every piece of spam creates at least five times the bandwidth usage...
      1. Send the full headers back to spamcop
      2. receive a report link
      3. visit the link
      4. send reports out to X number of abuse addresses.
    • By the time the Bayesian filters are engaged, it's already too late. The bandwidth has already been wasted, and should some legitimate mail be rejected, your mail server is now obligated to return a bounce message which means tons of spam bounces will sit in the queue. The right time to block spam is when the SMTP connection first arrives, but before any mail is actually sent. I won't be doing it any other way.

    • While you may have broadband, not everyone does. Probably 50% or more of Internet users are still on dialup.

      While you may only check your mail from one machine, not everyone does. And most people don't have the luxury of setting up an IMAP server so they can access their post-filtered mail remotely. (I do, but a cable modem connection isn't the most reliable, so I often find myself having to read raw unfiltered spam-laden mail.)

      Also, wireless access to email from cell phones (either "dumb" WAP browsers or "smart" integrated PDA/phone solutions) is becoming more common. Have you tried downloading 100 messages over a 14.4 connection, only 5 of which weren't spam? Have you tried sifting through 100 subject lines on a cell phone screen. (It's painful even on a Palm PDA screen like my Kyocera 6035's). Thanks to the proliferation of spam in my inbox, I cannot even THINK about using my wonderful phone for email, something which it would normally be excellent for.

      It doesn't matter how good client-side filtering is (mine is a manually maintained blocklist, plus a few rules to detect malformed HTML that is always spam and fake Yahoo/Hotmail/Netscape addresses not coming from their servers.), the client still must pay for bandwidth, and in the case of wireless users, per-minute download time at 14.4 (Or in 2.5G systems like Sprint Vision and Verizon Express Network, per-kilobyte.)

      Simply put, it costs the user money to receive spam, therefore something needs to be done about it before it reaches them. Server-side blocking reduces user costs in:

      a) Download time/bandwidth for the mail
      b) Storage costs on the ISP server that are passed on to the user in the form of higher fees.

      These are both costs that cannot be negated with client-side filtering.
  • by Anonymous Coward on Sunday November 17, 2002 @11:46PM (#4694221)
    Ref: SBL5263 is listed on the Spamhaus Block List (SBL)

    Nov 17 2002 - 15:3hrs GMT

    Verio, Inc. Corporate Mail Relays
    This SBL listing of Verio, Inc. corporate resources for Knowingly Providing Spam Support Services, is made with sadness on the part of the Spamhaus Project team because we know Verio has an extremely good Abuse Team and an excellent Acceptable Use Policy. We are certain Verio's spam problems are caused by greed-driven executives overriding the Abuse team and making a mockery of Verio's Acceptable Use Policy.

    Things have gone seriously wrong at Verio. Verio is in management crisis and Verio's Sales management has made an unwise decision to generate additional cash by purposefully selling connectivity to well-known spam gangs enabling blatant spam operations to operate from the Verio network.

    A number of hard-core notorious spam gangs run by spammers with criminal records for fraud or theft are now hosted knowingly by Verio, therefore the volumes of Verio-hosted spam have increased dramatically. Gangs including "US Health Labs" and "Cyrunner" (running two separate fake ISPs "UNIPXNET" and "IXXNET" off Verio with fraudulent registrations designed to misdirect spam complaints) are flooding the Internet non-stop in spam for "pre-teen-sex", "make-penis-fast", viagra, loans and mortgage scams.

    Verio's broadband business unit's president is believed to have personally approved the sale of 100+ high-bandwidth lines to US Health Labs, knowingly for spam purposes. These are sales made knowing that US Health Labs, run by professional spammers Mike Cunningham and Andrew Amend, are a spam gang whose sole business and sole use of Verio's network is for the relentless and illegal spamming of millions of U.S. Citizens.

    Another long-term professional spam operation, IMG Direct run by Steve Hardigree and Frank Bernal moved to Verio on 1 November after being thrown off Sprint. Another spam operation, Gordon Lantz, like the others thrown off almost all major U.S. networks, is about to go live on Verio having been approved and scheduled for installation.

    With increasing alarm, the Spamhaus Project has watched spammers moving to Verio due to Verio Sales Managers knowingly doing business with notorious 'porn & pills' spam gangs. Spamhaus believes that Verio's CEO is ordering the Abuse department to disregard the AUP and that is a situation that, as well as illuminating a disastrous state of affairs for Verio customers and shareholders, is unacceptable to us.

    This SBL listing of Verio's Corporate Mail Relays is intended to not impede the normal communications of Verio customers, but to concentrate boycott action on Verio executives. Executives who appear willing to supply Spam Support Services foregoing ethics and integrity in return for promises of larger line purchases from spam operations.

    Email from Verio Corporate Mail Relays is currently being refused by 98 Million international SBL users. If you are currently experiencing mail difficluties due to this listing, please contact your Verio account manager/Verio Customer Support now. A Verio executive needs to contact Spamhaus.

    SBL Listings of spam gangs hosted by Verio [spamhaus.org]

    Verio spam complaints (current issues) [google.com]

    The 'Cyrunner' spam gang (aka "UNIPXNET" and "IXXNET") [spamhaus.org]

    The 'US Health Labs' spam gang [spamhaus.org]
    • For the spammers to provide revenue for Verio, *someone* must actually buy the trash being sold. But even more mind boggling are the people that fall for the scams. There needs to be more reading of Proverbs. For example, those contemplating helping out that Nigerian Princess for a cool million should consider:
      [KJV] Proverbs 11:15 He that is surety for a stranger shall smart for it : and he that hateth suretiship is sure.
      or maybe this:
      [KJV] Proverbs 27:13 Take his garment that is surety for a stranger, and take a pledge of him for a strange woman.
      and for those get rich quick schemes:
      [KJV] Proverbs 28:22 He that hasteth to be rich hath an evil eye, and considereth not that poverty shall come upon him.
      As for the "hot teens", while marriage vows are not highly esteemed these days, it shouldn't take a Solomon to realize the folly of sex with strangers. But here's Solomon's warning from Proverbs 5:
      3 For the lips of a strange woman drop as an honeycomb, and her mouth is smoother than oil: 4 But her end is bitter as wormwood, sharp as a twoedged sword. 5 Her feet go down to death; her steps take hold on hell. 6 Lest thou shouldest ponder the path of life, her ways are moveable, that thou canst not know them . 7 Hear me now therefore, O ye children, and depart not from the words of my mouth. 8 Remove thy way far from her, and come not nigh the door of her house: 9 Lest thou give thine honour unto others, and thy years unto the cruel: 10 Lest strangers be filled with thy wealth; and thy labours be in the house of a stranger; 11 And thou mourn at the last, when thy flesh and thy body are consumed, 12 And say, How have I hated instruction, and my heart despised reproof;
      Notice the part about "thy flesh and thy body are consumed". VDs weren't invented in the 20th century, and yes, the ancients knew how those nasty infections were contracted. Furthermore, those "barely eighteen" girls are being horribly exploited. What monsters would actually pay their slave masters, when they should be in jail?

      And then there's the penis enlargement . . .

      So who *is* buying this stuff? And if they are that stupid, where did they get all that money?

  • by GreyWolf3000 ( 468618 ) on Sunday November 17, 2002 @11:48PM (#4694232) Journal
    I got a Nigerian money scam today with a yahoo address in the header.

    I replied with a cheap goatse.cx link. It went something like "Sure, I'll do it--but can you please check my [a href="http://goatse.cx"]website[/a] tomorrow--I will post a picture of an open door to indicate that you have been granted the go-ahead. If not, it will mean I need another day for my paperwork to be prepared. I have been having troubles with my bank lately, and they might be looking into me, but fortunately I have the right friends. I think email is much too insecure for this." I guess trolls do provide something useful for the community.

    • " I got a Nigerian money scam today with a yahoo address in the header. I replied with a cheap goatse.cx link. It went something like "Sure, I'll do it--but can you please check my [a href="http://goatse.cx"]website[/a] tomorrow--I will post a picture of an open door to indicate that you have been granted the go-ahead. If not, it will mean I need another day for my paperwork to be prepared. I have been having troubles with my bank lately, and they might be looking into me, but fortunately I have the right friends. I think email is much too insecure for this." I guess trolls do provide something useful for the community."

      Haha, that is good, but I can one-up you on that... I've told this story recently in another slashdot thread but I'll actually post the guy's response this time.

      Here is my response to the original spam:

      Hello, Mr. Abu, it is wonderful to be doing business with you!
      My name is James Kirk with phone#202-406-5850 and fax#202-406-5031.
      [these are the phone and fax number for the US Secret service electronic crimes bureau]
      Company: Utopia Planetia Fleet Yards
      Company Address: 33601 Lyon Street, San Francisco CA 94123
      I look forward to receiving this money!
      [yes, the james kirk name was inspired by the haxial.org thing]

      The guy e-mailed me back and asked me to phone him on his private line. I looked up the phone exchange and it indeed was in Nigeria.

      Then I got another e-mail from him an hour later:

      Subject: WHY?????

      Dear Kirk,

      If you were not interested in assisting us, you sholud have kindly told us so
      that we can look for another foreign partner who might be interested in
      assisting us, instead of agreeing to assist, and giving the number of your
      secret service for us to contact.
      Why could'nt you be man enough to tell us that you are not interested.

      Well, I wish all the best, as we continue our search for a reliable person
      that will be genuinely intersted in assisting us.

      He actually called it. I got some of the other scammers to fax their documents to the fax number. One guy e-mailed me back and said that the lady on the line didn't know of any James Kirk there. Teehee...
      • If I were smarter, I would have emailed as if I were really into it, waited for their response, and then sent 'em the link. Then they would have flagged me as a potential victim, and so they might have actually visited the link. As it stands, I concede victory on the basis of getting the thrill of a real response ;)
    • Rich Kyanka, one of the Something Awful gang, pulled a hilarious series of pranks [somethingawful.com] on the Nigerian money launderers. Some of their other pranks on spammers [somethingawful.com] (scroll down to email section) are pretty damn funny as well.
  • Congratulations! (Score:3, Interesting)

    by Anonymous Coward on Sunday November 17, 2002 @11:49PM (#4694242)
    As with the UDP, all that ridiculous overreactions like this result in is an increase in those who find the cure nych worse than the sickness.

    I used to subscribe to a few filter lists on my mail servers, but the operators are such assholes about things that the lists are now useless, filtering out more valid email than bad (when you consider that a few intelligent local filters can eliminate 90% of spam).

  • Spam to spammers (Score:5, Interesting)

    by razmaspaz ( 568034 ) on Sunday November 17, 2002 @11:51PM (#4694259)
    Do you think the people who send out all this spam get annoyed at all the spam in their mailbox or are they proud of the work they do?
  • by autopr0n ( 534291 ) on Sunday November 17, 2002 @11:52PM (#4694269) Homepage Journal
    IE the founder of the EEF and the guy who refuses to close is open mail relay?
  • ...That is, if you have Mozilla. :-)
  • by dustpuppy ( 5260 ) on Sunday November 17, 2002 @11:58PM (#4694304)
    Hmmm ... i don't know if it cooincidence, but the spam in my Hotmail account has significantly dropped off ... from 30 to 100 spam a day down to 10-20 max ...

    • Mine also, and I asked a couple friends who run ISPs, one in Japan, they also noticed a drop in spam. Could this "Mike and Andrew" health labs really be doing 50% of the spam in the USA?
    • Same here. The spam noise level on Hotmail is so intense that instead of checking individual items to delete, it's easier to set your hotmail preferences to display only 25 emails at a time, and then when checking mail just always click on the "check all" box to tag EVERYTHING for deletion. Then quickly scan down the list and maybe uncheck the one piece of email that is worth reading. I've saved my index finger from carpal tunnel this way.

      Anyway, I used to plow through at LEAST three screenfuls of garbage at a time this way on Hotmail, but in the past few days, I've been doing only one screenload and getting all of it. So maybe something has happened.

      Of course, it's going to come back very soon, so don't get too used to this. It's strange how we've sort of come full circle from being an agricultural economy and shoveling horseshit all day, to having an industrial revolution, and then computers, and worldwide computer networks, and after all this we end up still having to shovel mountains of horseshit around on a daily basis.
  • by red5 ( 51324 ) <gired5@gma[ ]com ['il.' in gap]> on Monday November 18, 2002 @12:00AM (#4694321) Homepage Journal
    A while ago I worked for a now defunct dot-com that dealt in e-mail marketing through opt-ins. When we moved to hosting through verio. They threatened to cut us off even though our mailings were opt-in, and sent from a different (non-verio) location.

    Their anti-spam policies were so draconian that we had to move to exodus. When did they become pro-spam?
  • Dozens of the same e-mail (promoting a "Horny Black Sluts" site) reached my mail server; all with different subjects and remitent addresses, and most of them within a single period of less than 15 minutes.
    I guess it was one of the most aggressive spamming campaigns I have ever been victim of.

    Now, those who support these spammers will have to suffer the consequences. But, who will have to pay the bandwidth when my E-Mail Backup service provider come to tell me that I've reached the limit?
  • by cperciva ( 102828 ) on Monday November 18, 2002 @12:09AM (#4694363) Homepage
    We really need a law which requires Internet service providers to publicly disclose their terms of service -- that is, publicly disclose what terms of service they actually enforce.

    After all, it's really just a consumer protection issue: Verio claims to have an active abuse department, and is thereby misleading people who assume that spammers on Verio's network will be shut down.
    • The US government doesn't even uniformly apply their own laws... How do you expect them to demand companies do?
      • The US government doesn't even uniformly apply their own laws... How do you expect them to demand companies do?

        I'm not USian, so I may be entirely wrong here... but isn't it possible to prosecute someone privately? Ie, you think they've broken the law, the police don't want to file charges, so you file them yourself (and take the place of public prosecutor)?

        It would be perfectly good enough if third parties could take an ISP and a spammer to court and get the court to order the ISP to enforce their abuse policy.
        • I'm not USian, so I may be entirely wrong here... but isn't it possible to prosecute someone privately? Ie, you think they've broken the law, the police don't want to file charges, so you file them yourself (and take the place of public prosecutor)?

          IANAL--but I don't think so.

          Unless the crime is also a tort against you, I don't think you have standing to sue.

          However, if you're harmed by the crime and the DA doesn't prosecute--and they've got ample evidence to convict--you might be able to take the DA to court to force the issue.

          'course, that was something I saw on Law & Order, so i have no idea if it's true or not...

          It would be perfectly good enough if third parties could take an ISP and a spammer to court and get the court to order the ISP to enforce their abuse policy.

          If you get spammed via an ISP's misconduct and suffer damages (lost work, wasted time, etc.) you probably have standing to take the ISP to court to force them to properly secure their system.

          Unfortunately, if you've got the kind of money/time to be taking ISPs to court for a nuciance, you probably can just get real spam blocking installed...
    • I just had an interesting idea after reading your comment and this comment [slashdot.org].

      What would happen if spammers were forced to add a "Precedence = spam" (P=S) (or something other than "bulk") line to the mail headers?

      I think there would be two immediately helpful results:

      • Users could instantly filter all spam out at their end.
      • ISPs (rather, routers in general) could instantly filter out spam passing through their systems.

      An ISP could say in its user agreement that one could send spam from their servers as long as it contained a P=S header line. Or there could be a law on the books requiring spam to contain the P=S header line. I feel this is good because it does not make spam illegal (I feel that would be going too far and would probably be too hard to police) but it does make it manageable.

      With this in place, ISPs could easily manage their spammers and their spam. Users could easily manage their incoming spam, and miscellaneous routers all across the internet could easily dump spam trying to take up precious routing time.

      Of course, this has its shortfallings. It would only apply to spam coming from ISPs with such rules and from jurisdictions under such laws. That said, I bet it would significantly cut down on the amount of spam, and the locations where such spam could originate from.

      So, am I making sense or being ridiculous?

      • You make a good point, but the 2 things you recommend would autmatically happen.

        1. Joe Blow, who doesn't want to see anything but the e-mail from his family, will learn to filter out all that spam via that spam precedence.
        2. All isp's will halt e-mail at the routers, seeing as it churns up bandwidth better served servicing their customers.

        In the end, it would be a crap shoot. Spammers just wouldn't put the proper (whatever) in the headers.... kind of like when people rip a cd, they quietly ignore the copy-protection bit... :)
      • If the convention were widely enough accepted to
        be useful, then some spammers would stop using it.
        And some desperate ISP would serve them, and we'd
        be right back where we started.
      • Are you on crack?

        The whole thorny issue with spam is that it's hard to stop. If it were as simple as requiring that "spam" have a special identifier it would have been done long ago. There are three major problems with this:

        1. Spam is hard to identify, is it spam when you fill in a form to download some software and you get annoying email because you (maybe) forgot to tick the "don't send me email" box?
        2. Spammers will ignore a law that hurts their bottom line, and when confronted they will use #1 saying they're not sending spam, they're sending opt-in mailings or something similar.
        3. Spam is an annoyance so law-enforcement entities, if they bother investigating it at all, puts it way at the bottom of their list of priorities.

        What you're suggesting is equivalent to making a law that any pool-shark warn the people he plays that he's a pool-shark. What would happen? Would pool-sharks actually start telling people "I'm a pool-shark, and I'm required to warn you of that before we play, still want to play?" No! They'd just find a way around the law by becoming "secret pool teachers" or "very lucky players".

        • Okay. This is the first valid objection to my idea, so I'll go point by point.

          Am I on crack? Not to my knowledge. But is this a crazy idea? Absolutely. Remember the Niehls Bohr quote "We are all agreed that your theory is crazy. The question which divides us is whether it is crazy enough to have a chance of being correct."? Hell, if there's any place to place crazy theories, it's slashdot.

          1. Good point. opt-in mailings, opt-out mailings, etc. all sort of get around my method. I have no idea how to deal with this, short of setting a Precedence = opt-in head flag. Problem is, with this flag, the waters are much murkier than with a spam flag (and harder to determine whether or not to filter).
          2. Ignoring the law? I'll get back to this in a minute, but I think this problem is solved by how the Precedence = Spam (P=S) rule would be applied.
          3. Annoyance to law enforcement? The trick is to make it so that law enforcement doesn't need to deal with it at all (or at least only rarely). I'll get back to this in a minute too.

          Eh, I wasn't attempting a Megan's Law type of approach (the law which requires sex offenders to notify those in their neighborhood of their crime, conviction, and where they live). Changing labels is tough to deal with. Here's my approach:

          If there were a blanket law, it should be that ISPs must deal with any user which has more than X unique complaints concerning spamming by either cancelling the account, forcing a P=S flag onto all their outgoing email, or making sure the user stops spamming by other means left to the ISP. This really only leaves the ISP with two options, and forces users to either not spam or spam with a P=S flag if they're using one of the ISPs under the jurisdiction of the law.

          Now this does two main things. 1) It shoves enforcement to the ISP, after all, it's the ISP's user which is spamming, and what the ISP can do is clearly outlined by the law. Just dump the user if you don't want to deal with their spamming, you are allowed by law. 2) It would set up "rouge" ISPs which don't adhere to the law. If you know which ISPs allow spamming, they're easy to block, so this really isn't a large problem.

          But here's my problem with the method: it feels too much like the Scarlet Letter. The circumstances are a bit different, but forcing someone (or something, even email) to have a unique identifier so you can identify it as something you might want to avoid is a very sketchy idea. It's also probably not constitutional (equal protection... even for spammers?).

          That said, I think there is something to be said for my idea. It is flawed in certain areas (I still haven't given a good answer about enforcement of the laws/rules). It still lets spam flow freely (which I feel is a good thing) but gives people the ability to quickly filter it out. It still only affects spammers under its jurisdiction. If it worked, I'd be willing to be that somewhere between 70 and 85 percent of spam would be marked as such. And even if those numbers were lower, it would drastically reduce the amount of unwanted spam people got, as well as making it much easier for spam to be dropped at routers all over the internet (thereby alleviating the costs incurred by spam on so many systems).

          Hell, it's just a crazy idea.

  • From the google groups [google.com] posting about this:

    I will conclude by noting that the ixxnet.net autonomous
    system was created on 25 july 2002, so it is now in its
    third month of life; and that the ixxnet.net DNS seems to
    have been put together by the same incompetent that
    configured dialnil.com DNS (hint: MX).

    What excatly is so incompetent about the DNS configuration? I did a host -t MX ixxnet.net and didn't see anything out of the ordinary?


    • Re:DNS Question... (Score:2, Informative)

      by Anonymous Coward
      They have IP addresses in their MX records. This is against RFC.

      from a dig mx ixxnet.net:

      ixxnet.net. 1H IN MX 5 mail.ixxnet.net.
      ixxnet.net. 1H IN MX 4

      And from a dig mx dialnil.com:

      dialnil.com. 59m51s IN MX 4
      dialnil.com. 59m51s IN MX 5 mail.dialnil.com.

      RFC 1035 - "Each MX matches a domain name with two pieces of data, a preference value (an unsigned 16-bit integer), and the name of a host."

      http://www.isc.org/ml-archives/bind-users/1999/0 8/ msg00150.html

  • oh, no! the spam will get thru!
    stop this slashdotting immediately!
  • by Anonymous Coward
    More legislation? More bullcrap solutions like Spamcop.net? Hell no. We need to go the way of the Distributed Checksum Clearhouse and Brightmail. The moment we (as a network of companies and admins running SMTPs and MTAs) detect spam being received, we report the full headers and decide if we wish to actively block, filter, tag, etc.

    And, as ISPs, we simply have to monitor our resources more carefully. If we detect a lot of broadcast activity (i.e. outbound SMTP traffic) we're notified and we investigate. We collaborate.

    Real technology can block spam. Laws and crap like Spamcop just make more red tape and are half ass solutions.
  • A temporary fix (Score:3, Insightful)

    by Gary Franczyk ( 7387 ) on Monday November 18, 2002 @12:20AM (#4694408)
    Stopping email from the Verio domains is going to cause more pain than it will help. It is only a matter of time until the spammers find some other vendor to help them send their ads. Money talks, and in an open market, someone will provide the goods.

    I honestly believe that the only way to free ourselves from spam is intellegent filtering. Making it illegal will only cause the spammers to move overseas, if they even notice the law at all. The internet is far too large an entity to make a difference by blocking the IP addresses of spam-friendly domains. It won't put a dent in the real problem.
    • Re:A temporary fix (Score:4, Insightful)

      by LostCluster ( 625375 ) on Monday November 18, 2002 @01:19AM (#4694675)
      What this is designed to do is to make an example out of Verio. If an ISP hurting to make reveune targets agrees to look the other way towards spammers, that ISP will find itself in the black hole, and end up losing legit customers (whether they walk away in protest after hearing of the RBL, or simply because they think Verio's too clueless to get their e-mail to work) which negates the spammer income and then some.

      Yeah, it's cat-and-mouse, but eventually the mouse will run out of places to hide. There are a finite number of backbone providers in this world.
  • by Ziviyr ( 95582 )
    I knew Verio was trouble when they absorbed my local ISP and turned it into poop.
  • Spammers (Score:5, Interesting)

    by Ninja Master Gara ( 602359 ) on Monday November 18, 2002 @12:22AM (#4694426) Homepage
    I've had to shut down two mail accounts because of the enormous volume of spam they get. Enough to make even using spam filters a bandwidth problem on my dial up. They were unfortunate enough to be linked with mailto: on a medium traffic site before the harvesting craze began and within a couple weeks were effectively unusable.

    ISPs need to realise that if they're not going to do anything about it, they'll be blocked. This happened to us years ago when the ORDB started, and we fixed the problem immediately. We didn't think they were being nasty to us, we realised we had a problem, and we set about fixing it. When ISPs get globally klined from IRC networks, their customers want to know why, and put pressure on the ISP. They listen and respond.

    This is no different. If yer gonna be a spammy host, prepare to be blacklisted. Reponsible, rigid, no nonsense, targetted policies are the only thing that will have ANY effect, and even they won't STOP all spam. But it sure helps.

  • by hardaker ( 32597 ) on Monday November 18, 2002 @12:25AM (#4694438) Homepage
    Spam blocking has been around for ages. Blocking broken mail servers has been around for ages. Apparently, it's not working as my mail box still contains a lot of spam.

    We need a new solution folks, and blocking large portions of the net will not fix the problem. If you want to make *all* spam to go away, you need a different form of a solution because you can't block everyone who might want to legitimately talk to you. This decision will certainly block a whole slew of legitimate users from speaking with each other.

    I'm thinking SMTP needs to be entirely rethought. Unfortunately, this isn't practical either as it'll have the same effect as deliberate breakage during the transition. (hence the reason we don't have ipv6 yet either).
    • by Skapare ( 16644 ) on Monday November 18, 2002 @04:17AM (#4695270) Homepage

      What if the someone that wants to talk to you just wants to sell your something? Or what if they want to convice you to change your opinion about something. Or what if they want to just reply to your Slashdot posting privately? How are you going to tell these apart?

      The problem with spam isn't really the message. If I were to get in my mail box precisely and exactly the information I was interested in, I wouldn't have any problem with it. Maybe I would be interested in visiting just the right kind of porn site. Maybe I really would like to enlarge my penis. Maybe my printer really has run out of ink. Maybe. Maybe NOT.

      But this is a hard thing to work out when you are dealing with content. For example, I often post on mailing lists or USENET and for many, I do get private replies (and spam, too). It's reasonable to assume that if you post, you've invited a reply (unless you say otherwise). But a "reply" to a posting about what I think should be in the next version of some standard should not be asking me if I need more golf balls. That's just plain off topic. Still, I have gotten replies that are completely ON topic, yet are sent by someone that is a total moron and not worth reading and a total waste of my time.

      The real problem with spam isn't the content at all. The real problem is the way it is delivered, and the way it is determined to whom it is delivered.

      TV commercials, radio spots, newspaper ads, and web banners, are what I call gatewayed advertising. What that means is that someone (the TV station sales department, the newspaper advertising department, or CmdrTaco while trying to get more revenues for Slashdot to keep it alive and pay for the kind of bandwidth that would create a Slashdot Effect on most web servers) is the "gateway" into the media where the advertising is presented. You don't get to put a TV commercial on without paying the TV station for the time. As much as I dislike most commercials (some I do enjoy the first time around), I also know they pay for, or in some cases at least help pay for, what I am receiving. But the whole point is, it's not going to get out of control because there is someone acting as the gateway. TV stations know they will lose viewers if there is 50 minutes of commercials every hour. CmdrTaco knows it would ruin Slashdot if every page were plastered with dozens of banner and box ads totally obscuring the content. And even if they did do the wrong thing and ruin it, I can change the channel or go to another site. There isn't a scaling issue here for these media.

      But with spam, you can't change the channel. You can't choose to visit another site. And worst of all, it's not paying for a damned thing you receive.

      We can make a comparison of spam with telemarketing and fax ads. Neither of these really pay for anything you receive. While it may be argued that telemarketers keep the cost of phone service down by providing more revenue for the phone company, this isn't really true. Most telemarketing actually takes place at the peak times that phone networks are busy, so the phone companies just have to scale up to that level of business. They aren't getting new revenues, and you can be damned sure that telemarketers are not paying an extra premium to the phone companies to help lower your phone bill (there are plenty of scumbags in that industry that would find ways around that).

      Another comparison is with ads you get in snail mail. It doesn't really pay for anything you receive (they get huge discounts from the Postal Service for bulk packaging them so the delivery guy doesn't even have to check the addresses). But while these are annoying and a bit of a problem, it's not something that's going to grow exponentially from here because there is a "gateway" of cost. Those leaflets you get on your windshield are much the same. It's a pain to have to reach over and grab it and throw it away, and again, it hasn't paid for anything you receive. But like bulk snail mail, there is cost and someone has to roam around sticking them on.

      The problem with spam isn't the content, it's that so much can be delivered so fast and to so many people that there is in effect NO GATEWAY to this. And as bandwidth gets cheaper and cheaper, and servers get faster and faster, you and your delete key will have to just work harder and harder to keep up. No wonder people are working on automating things to delete spam. And it just escalates.

      So yeah, we do need to be able to continue to communicate, and this also needs to include advertising where appropriate. But there needs to be some kind of "gateway" to control it, to make sure it doesn't get out of hand, and to make sure the decisions about how much to send and to whom to send are decided on properly. And this also includes making sure it is sent to the proper email address for those of us with many (if you own a domain and have set it up so that any name on the left of the at sign works, raise your hand).

      There will always be those who think it is their right to communicate with everyone. But, yet again, the issue is not about the message, but instead is about the methodology. Email is not a broadcast medium and should not be treated as such. It is a one to one communication medium. And I translate that to being a person to person communication medium. So if you want to communicate with me, you need to at least be a person, and not a machine running some spamware. Maybe SMTP needs a rethought. Or maybe not. I've thought about it and don't really have any answers (yet). But I do think the ultimate solution is going to end up having to be something that proves that it is a person who communicates with me, and gives me as much of their time in sending me the message as it takes from me to read it or listen to it. We need to find some way to communicate that does not allow the sender to automate it without that message being tagged as automated. That is the real problem with spam ... it's so impersonal ... it's all automated.

    • How would you redesign SMTP? It's incredibly difficult to come up with a system that will allow one message through, that won't allow one message through that was also sent to five hundred other people on other servers without some sort of authority (be it a p2p authority, or a centralized authority).
  • Spam source (Score:2, Interesting)

    by confusion ( 14388 )
    I'm confused. The netblock that verio's mail servers are on have been blacklisted. The message states that they're being places on the BL because of knowningly hosting spammers, and in one case selling hundreds of high speed connections to a known spammer (presumably with the intent of fliiling them up withoutbound spam).

    How likely is it that the spammers get gobs of bandwidth and turn around and relay off of verio's mail servers? Isn't it *much* more likely that the spam is being sent directly from the IP addresses assigned to or owned by the spammers?

    Unless I'm way off base, I think this is more a punative measure against verio than a real reduction in spam.

    And yes, I do support blacklisting.

  • by Anonymous Coward
  • by realdpk ( 116490 ) on Monday November 18, 2002 @12:59AM (#4694576) Homepage Journal
    I find that figure *very* hard to believe. How do they figure it's 100M?

    Here's hoping this group is more responsible than SPEWS. With that (likely bogus) figure being announced, I doubt that they are.
  • Obligatory pitch (Score:5, Informative)

    by pongo000 ( 97357 ) on Monday November 18, 2002 @01:15AM (#4694647)
    TMDA [tmda.net] offers those who want it the ability to filter e-mail through a confirmation process (or, you can generate "keyword" or "dated" addresses for temporary use in newsgroups and other high-harvester areas). My spam went from several tens of spam messages a day to zero after spending a couple of hours with TMDA.

    This solution doesn't do anything about bandwidth (since you will still get the same amount of spam traffic at your mail port), but it's a fuzzy-warm feeling to be in control of your own mailbox for once.
  • Not My Bandwidth (Score:2, Interesting)

    by Glendale2x ( 210533 )
    I block spam using DNS blacklists on my mail server. I'm probably not the only one.

    "But," you say to me, "local filters are much better because you might not lose legit email!" I ask you: why should my mail server accept their stupid junk and waste my bandwidth just to filter it out later?

    I don't want to my server to accept it. I want it bounced outright with a nice little bounce message. In a happy shiny world, I'm hoping these SMTP rejects will send a message to someone out there. It probably doesn't make a difference, but I can dream.

    Yes; some legit email has been blocked. In both cases I'm aware of, the person contacted me through a hotmail account and brought it to my attention. I altered my blocking policy at that point.

    I'm open to any options out there for filtering/blocking that does not require me to download it and then filter it. If I wanted to just filter my mail, I can do that using my amazing human brain (better than any spam filter out there, I assure you) and click "delete" on the spams. But I want it rejected outright from known sources.

    So until a better option comes along, that's the way it is.

  • by coolgeek ( 140561 ) on Monday November 18, 2002 @02:47AM (#4694988) Homepage
    I'll probably get tagged as a troll for this one, but...

    I support and believe the position that spammers or other unauthorized users of a system that I own are stealing services from me. I further believe it is OK to block their traffic from crossing my equipment.

    Now, let's look at this from the telemarketing perspective...My phone at home is one of those models that has a wall wart. I believe when the phone rings, or is in use, it draws more current. So, when a telemarketer makes an unsolicited (and unauthorized) call to my phone, does that mean they're stealing my electricity? What about my most valuable resource, my time? Are they stealing my time?

    I hate spam just as much as the next guy. And I don't believe ignoring people who cause a nuisance infringes their right to free speech. I do however believe the "telemarketing" lens will be used by the Judicial System when examining these issues. Sooner or later, these spammers will mount a constitutional challenge to anti-spam legislation. Well, if they are making that much money, anyway. They may not even need the money for such a battle, it seems the EFF just might take up their cause.
    • Some things (Score:3, Interesting)

      by Sycraft-fu ( 314770 )
      First, your phone doesn't draw any more power to ring, or at least it shouldn't. The power necessary to ring is sent down the line. Have you never seen a phone that plugs only to the line? I have one sitting right next to me.

      As to your time, well, all sorts of things "steal" your time and and thus far that's not something that you have any recourse for. Besides, you waste plenty of people's time too, it's just how things go.

      The big difference between telemarketing and spam is who pays the cost. When a telemarketer calls me, I don't pay a thing, even if I do choose to answer the phone. They pay all associated long distance charges, my line costs me the same amount no matter how many calls I recieve. With SPAM, it is other peopel that foot the bill. The spammers order mail servers to send out thousands of messages, which uses tons of bandwidth on their ISP, and all the recieving ISPs. I work at a university and the amount of bandwidth used to SPAM is not trivial.

      This is why telemarketing is not allowed to a cellphone (in the US), you have to pay for all calls including those you didn't initate, so people aren't allowed to make sales calls that would cost you money.

      Also telemarketers tend to be much less persistant and much less fraudlent than spammers. Every time I've asked to be placed on a do not call list, the telemarketers have complied (because I can sue them if they don't). Also, all the sales calls I get are really offering me a legit service. When Sprint calls me selling long distance, they will make good on the offer if I want. At least 40% of the SPAM I recieve is totally fraudlent, and spammers don't know when to quit. I have recieved over 10 SPAMs per day for the same thing, form the same company. The only telemarketer I know that tried that receantly is the Miss Cleo service, and they got shut down and fined millions for it.
  • by akb ( 39826 ) on Monday November 18, 2002 @03:12AM (#4695070)
    'member when Usenet admins stopped filtering spam to get some attention to the problem? That sure as shooting got people to pay attention, what with all the servers that went up in flames from the load. Maybe that's what we need with email, it feels like we're building to that kind of standoff.

    Bet we'd see some real legislation and enforcement then, eh?

  • by PhantomHarlock ( 189617 ) on Monday November 18, 2002 @03:37AM (#4695142)
    Ok, here's one way to eliminate spam in your inbox. No, this doesn't eliminate the cause, only the symptom, but it will stop the bandwidth at your server if you so have the power.

    This works best if you own your own domain name and can create multiple pop boxes. It's still doable using regular email accounts, however.

    Step 1: Change your email address to a previously unused address at your domain. Test it for a day, verify no spam is coming in to that address.

    Step 2: Email all your trusted friends, relatives and business contacts your new email address.

    Step 3: Remove your old email address links from your website and replace them with a feedback form that emails an unrevealed throwaway secondary address using your favorite web -> email gateway scripts.

    Step 4: Create a bounce message at your old address, with a link to the feedback form, for all the people you forgot to email about your new address, and for people who want to contact you through your old address as they have found it on google searches or other archived postings, or your old business cards, etc.

    Step 5: Receive both the new email address and the feedback form submissions on to your local mail reader. Filter them in to seperate directories. Give out your real, private address to feedback form users once they've verified themselves as being legit. If not, have a throwaway identity you can talk to them through. (the email account that the feedback form mails to) If you start getting spam at that address, simply change it.

    Step 6: When you make public postings, post the feedback form URL instead of your email address. When you have to give your address away to commercial websites to sign up or download things, give them the throwaway address, or create a third address for legitimate online companies and filter that into a third folder for "commercial website email" If that get compromised by an unscrupulous business, change it. Still doesn't affect your primary private address.

    You can receive the two or three addresses all at once with any modern mail reader, and filter them into folders. I personally use Eudora.

    This is a really easy thing to do if you can stand changing your email address. I've had the same address since 1995, so I get about 150 spams per day. I have a filter that gets rid of most of those, but that's local and I still take the bandwidth hit, and about 20% of them get to my inbox still. Rather than try to over-filter and get a false positive, I think the above solution is a worry free and clean way to make a break from spam.


  • by Lord Bitman ( 95493 ) on Monday November 18, 2002 @04:02AM (#4695226) Homepage
    not that any of this will happen, but I see a lot of posts mentioning ideas like adding a new standard, a "SPAM" flag to the standard SMTP headers. What about something even lower than that? tcp/ip has plenty of bits left for "future expansion", why not an "Advert" bit? how about a couple different ones- "Main", "Advert", "Stream", just as bits? You know, things that can be knocked out with very little proccessing by routers?
    That could speed things up a lot.

    And now a future timeline:
    -Terrorist groups note that many routers are dropping "advert" spam before they reach the mail servers, start sending messages with the "advert" bit set, thus avoiding detection by bugs in mail servers
    -Government catches on, starts paying close attention to posts with the "advert" bit set
    -Advertising is outlawed after Bush calls the advert bit "evil"

It's fabulous! We haven't seen anything like it in the last half an hour! -- Macy's