×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Collateral Damage in the Spam War

Hemos posted more than 11 years ago | from the when-defensive-measures-go-wrong dept.

Spam 375

MarkedMan writes "The link points to a well researched article on Spam lists and those innocently appended to them. I have seen this myself with MailWasher. A posting will come through as potential spam, with the the bounce already red-flagged, but it is actually from a legitimate source. Only happens once or twice a month but still cause for worry. " I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

375 comments

Feel the power (-1)

L0rdkariya (562469) | more than 11 years ago | (#3871489)

of the CLiT.

Re:Feel the power (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3871598)

Dear CLiT members, perhaps you would like this verse. Have a nice day, why don't you go away?

Yo, I woke up, fucked up off the liquor I drunk
I hadda bag of tha skunk, one and last night's tunk
Pussy residue was on my penis, Denise, from the Cleaners
Fucked me good, you should've seen us
Big booty bitch, switch unbearable, french role styling, body like a stallion
Sizing up the figure, while my shit getting bigger
Debating on to fuck her, do I wanna be a nigga
Caressing this bitch, plus I'm checking out them tits
Sipping on that fine shit, I ain't use to buying
I gotta hit it from behind, it's mandatory
Like taking ho's money, but that's another story
For surely your pussy on toast, after we toast
Our clothes fell like Bishop and Juice
The womb beater, clean pussy eater, inserting my john
In that spot hotter than the hottest block, don't stop!
Response I got when I was knocking it
Clocks steading ticking, kinky finger licking
The cannon, seen us at my temple when she moans
I gotta slow down before I cum soon
And work that nigga, like a slave owner
When I dropped off my outfit, she knew I wanted to bone her
She foaming at the lips, the ones between the hips
Pubic hair's looking like some sour cream dip
Without the nacho, my dick hit the spot though
Pussy tighter than conditions of his black folks
Being a vinyl stretched, the last part of sex
I bust a fat ass nut - then I woke up next
Like, what the fuck is going on here?
This bitch evapourated, pussy and all just picked up and vaccated
And now I'm frustrated cause my dick was unprotected
And doctor Wesley telling me I ain't really got that shit
Fuck

I have felt the power (-1)

Trolling Stones (587878) | more than 11 years ago | (#3871606)

and it is truly awesome. Like a heavy wet fart that lingers in the air, the CLIT will be around for a while.

bestest site ever (-1)

trollercoaster (250101) | more than 11 years ago | (#3871490)

Hi I just wanted to say I just found out about Slashdot and I really like your site!

I like all the news stories that are submitted and I love to read all of the insightful commentary that gets posted by the readers!

It is a great site, keep up the good work!

Um... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3871499)

d00t!

This happens to me all the time (0)

sllort (442574) | more than 11 years ago | (#3871501)

I keep sending CmdrTaco email that says 'I LOVE YOU' in the subject, and I think he's filtering it somehow.

No replies yet.

Re:This happens to me all the time (1)

justletmeinnow (315504) | more than 11 years ago | (#3871607)

That's because he doesn't love you back silly. Did he mention anything about the restraining order yet? If not, expect to be served soon...

Re:This happens to me all the time (0)

Anonymous Coward | more than 11 years ago | (#3871731)

WTF? That's just plain humour, not "Overrated". Sllort never sent CmdrTaco those emails!

Spam, spam, spam, spam, spam... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3871504)

Spam, spam, spam, spam, spam, spam, spam, spam, spam, spam, baked beans, spam, spam, spam, and spam.

Hahahahahaha
hahahah

Network Solutions, One domain per user? (5, Insightful)

dada21 (163177) | more than 11 years ago | (#3871507)

The only people I got spam from was from the e-mail address I used to register domain names with through netsol.

I dumped that address (100 spams a day).

What I've done is registered a domain name (say fatgeeks.com) and when I have to use my e-mail address at a website, I'll append the website to the user name, such as:

dada_slashdot@fatgeeks.com

or

dada_msn@fatgeeks.com

When spam appears, I kill off that user name (very easy to do in any POP3 e-mail program) and then go to the website that sold my address and yell.

This helps track websites that "lie" about reselling your e-mail address.

No spam. No collateral damage.

Re:Network Solutions, One domain per user? (3, Insightful)

Mr_Silver (213637) | more than 11 years ago | (#3871610)

This helps track websites that "lie" about reselling your e-mail address.

Is there a page out there that details which websites sell your email addresses? It would be rather useful.

Personally I nominate hotmail.com - unless you're telling me that ibtagmrq@hotmail.com is a popular name.

Re:Network Solutions, One domain per user? (0)

Anonymous Coward | more than 11 years ago | (#3871654)

Such a website would be in very hot water. You usually can't prove who sold your address. And it's even harder to validate if someone who claims that someone else is selling addresses is telling the truth or if he is just trying to make his competitor look bad.

Re:Network Solutions, One domain per user? (1)

great throwdini (118430) | more than 11 years ago | (#3871744)

[U]nless you're telling me that ibtagmrq@hotmail.com is a popular name.

Unless you're telling me that some of these people don't have the time to just randomly generate email addys @hotmail.com just to see what turns up...

Bcc: (1)

Evro (18923) | more than 11 years ago | (#3871631)

Most spam I receive has a blank To: header and a forged From: header, so this tactic is not exactly foolproof (I've been using it for a while).

Re:Bcc: (1)

shine-shine (529700) | more than 11 years ago | (#3871650)

Everything can be traced back. Ever looked at the headers?

Re:Bcc: (1)

Evro (18923) | more than 11 years ago | (#3871751)

Yes, of course. Here's a nice one:


Received: from server.canieti.com.mx (dns.canieti.com.mx [200.53.198.53]) by us with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
id M8HF6GZR; Sat, 29 Jun 2002 07:52:15 -0400
Received: from answer-us.com (IDENT:root@localhost.localdomain [127.0.0.1])
by server.canieti.com.mx (8.11.6/8.11.6) with ESMTP id g5T1ZYK24777;
Fri, 28 Jun 2002 20:35:35 -0500
Message-Id:
From: support@answer-us.com
Subject: Make Money Now! MLM High Tech Key Positions Available
Reply-To: support@answer-us.com
Date: 28 Jun 2002 22:33:31 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_nays1r1E_bnP6ynAX_MA"


Of course, this can be traced back, but most POP3 clients can't filter when there's no "to" header, and Forged/random From: and Received: headers. If you run the mail server, it's a somewhat different story, as you can subscribe to a blackhole list and keep known spamming hosts from connecting to your relay, but if you don't want to run a mail server you're left with the limitations of your POP3 client. Filtering out "$" and "Money" and "Penis" "viagara" etc would probably help a lot, though at work we get ones like this:

Received: from mail.wzptt.zj.cn (202.96.106.130 [202.96.106.130]) by us with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
id M8HF6GPZ; Wed, 26 Jun 2002 04:11:53 -0400
Received: from localhost([61.174.185.142]) by mail.wzptt.zj.cn(JetMail 2.5.3.0)
with SMTP id jm393d19a631; Wed, 26 Jun 2002 08:12:44 -0000
MIME-Version: 1.0
From: chnze@mail.wzptt.zj.cn
Content-Transfer-Encoding: 8bit
X-Priority: 1
Subject: Supply electric appliance
Content-Type: text/plain



I've ip-banned most of Asia (210.x.x.x and 211.x.x.x, I believe) due to the spam and that simple act cut our spam by 90%, and since we don't deal internationally right now, it's not really a big deal.

Re:Bcc: (1)

Hammer (14284) | more than 11 years ago | (#3871686)

Yes,
But the fact that he got in the mailbox x_hotmail@xyz.com means that the address was harvested of or sold by hotmail

He would then scrap x_hotmail@xyz.com.
No more spam just an angry email to some executive at hotmail (cc to lawyer...)

Re:Bcc: (1)

Evro (18923) | more than 11 years ago | (#3871782)

Ah, well, I assumed he meant he was setting up email aliases rather than separate POP3 mailboxes. I am limited to 5 POP3 boxes on my host, so I use aliases most of the time, so anything@myhost.com goes to me@myhost.com, which leaves you with the problem of not knowing the To: header. Having separate inboxes is more robust, but also probably a pain to manage, I would guess

Qmail (3, Interesting)

crow (16139) | more than 11 years ago | (#3871779)

My mail gets processed by qmail, and it seems to automatically add X-Envelope-To: header lines, so you can see what address received the message.

Your mail server has to know who it is supposed to be delivering the mail to, and in most cases this is made available to mail filters in one form or another. Of course, if you're filtering it on the client side after it's been delivered to your mail box, you may be out of luck. (I've always been of the opinion that filtering should be on the server side, for this and other reasons, but people make do with what they can get.)

Personal domain (2)

crow (16139) | more than 11 years ago | (#3871651)

For heavy Internet users, having your own domain is wonderful. I do the same thing you describe. I'm hosted at pair.com (no affiliation other than as a customer), and for about $6/month, they host my personal web pages and let me put arbitrary filters on any incoming email address. I've killed off a few that have gotten spam from web sites releasing the address. I've killed off a few that I used when posting to mailing lists that are archived on the web.

But mostly, I've found I just don't get much spam because I protect my email address. For example, when placing my email address on my web page, I use JavaScript to encode it, so a web robot that doesn't parse the script won't see the address. I've never received spam at an address protected that way.

Re:Network Solutions, One domain per user? (1)

natefaerber (143261) | more than 11 years ago | (#3871665)

I do the same thing but use aliases and just point it to /dev/null if I start getting spammed. I wish I would have thought of it sooner, like before I registered with netsol and dice and hotjobs and monster and well, you get the picture.

Re:Network Solutions, One domain per user? (1, Insightful)

Anonymous Coward | more than 11 years ago | (#3871768)

I used to do this but stopped for one reason: Especially when registering online, I don't want to give out more information about me than what they already have or require. A mail address with your own domain gives them your full address, backup email address and phonenumber (depends on the registry). These pieces of information are probably not harvested right now, but they definitely could be. Since most users who use this scheme have their mailserver in catch-all mode, some software could also check for the service name and remove it before selling the address. To make this really failsafe, you would have to generate random addresses, put them in a database together with the associated service name and reject mails to addresses which are not in the database.

To Much Spam will.. (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3871520)

To Much Spam Will Rip Your Rectum

So Please Hug A Root Today

Sometimes "collateral damage" is intentional (2)

RollingThunder (88952) | more than 11 years ago | (#3871521)

Several of the more hardcore lists will quite gladly blacklist an entire ISP for hosting spammers. Doesn't matter if you're squeaky clean with a five year contract with the ISP, they'll just say "get a new ISP, they've broken their contract with you"... all in the interests of peer pressure.

I haven't been hit myself by that, but I can sure empathise with the poor bastards that have.

Re:Sometimes "collateral damage" is intentional (3, Funny)

mr_z_beeblebrox (591077) | more than 11 years ago | (#3871549)

The company I work with is switching our hosting away from Earthlink for that reason. We send mail from our domain but its reverse lookup is earthlink.net...Some of our clients deny mail from them as they have open mail relays. Bad for us Karl

Re:Sometimes "collateral damage" is intentional (2, Interesting)

sawilson (317999) | more than 11 years ago | (#3871632)

When I used to work at the better half of that company a long time ago before the lame name change *cough* we spent a considerable amount of time trying to figure out who the traitor was inside selling lists of email addresses. We knew it was going on, but never caught the guy.

Re:Sometimes "collateral damage" is intentional (1)

Zathrus (232140) | more than 11 years ago | (#3871783)

Well, whoever it was they had pretty good access. The first 3 emails to my mindspring account were spam.

The spaminator service must be doing some good though - my address was obviously sold at some point, but it's not getting deluged in spam.

Re:Sometimes "collateral damage" is intentional (3, Informative)

King_TJ (85913) | more than 11 years ago | (#3871664)

I think the "peer pressure" idea is becoming a bit of a "dinosaur" from the days of the mom-and-pop ISP. In the past, except for AOL, you didn't really have many large ISPs that kept on large numbers of spamming users.

The small ISPs would be pretty responsive to complaints, or if they weren't - they'd feel the pain of getting blacklisted, and would usually give in and kick off their problem users.

Nowdays, with most customers on one of a handfull of giant ISPs, it's no longer effective or realistic to ban the whole ISP. (EG. With the number of customers Earthlink has, can you really expect them to always keep *every* user with an open-relay off of their network? Even if they hired whole teams of people just to perform that one task, new people with open-relays would subscribe faster than they could discover them. Hence, Earthlink would almost always be on a blacklist.)

Re:Sometimes "collateral damage" is intentional (3, Informative)

sawilson (317999) | more than 11 years ago | (#3871772)

Before the earthlink "merger of equals", Mindspring had Harry. Harry absolutely rocked the abuse department. He worked together with the other admins (helped he was a Senior Admin in skill level) and they'd think up all kinds of interesting ways to "abuse" spammers. We'd catch them pretty fast if they were spamming from our network. One of my favorites was sending +++ATH0 in a formatted ping packet to their modem to disconnect them, sending thousands of spam messages back to their email client depending on what they used. Their port would be disconnected quickly. I think we had a 3 strikes and you are an ex-customer rule. Jan also rocked the news servers. I'm not sure how earthlink is handling things now post merger. I didn't hang around. :) At the time, were were number 2 in the world, and fighting spam very well. The "SPAMINATOR" product was very much loved by customers. I heard through the grapevine that it's basically a joke now, and doesn't work.

Re:Sometimes "collateral damage" is intentional (2)

RollingThunder (88952) | more than 11 years ago | (#3871787)

It's a tough call for the guys taking the hardline.

On one hand, their main weapon is escalation. First they would ban the server, then the domain, then the hosting ISP... and then the ISP's connectivity - presumably at that stage, the ISP would have to choose between dropping the spammer or losing their connectivity.

On the other hand, every time they escalate, there's a chance outsiders looking in will go "good god, what a bunch of lunatics" and not opt to go with that blacklist... and as is pretty obvious, the power a blacklist wields is pretty directly related to the number of mailboxes it protects.

The discussions on the newsgroup certainly do lend themselves to LART-based amusement, though. :)

Do what my friend does... (0)

kraksmokr (216277) | more than 11 years ago | (#3871525)

Ban email from EVERYBODY by default, and only ALLOW email from certain people.

Re:Do what my friend does... (0, Offtopic)

mr_z_beeblebrox (591077) | more than 11 years ago | (#3871573)

Great when you are a 1337 d00d at home. The real issue though is when you are an admin for a solvent corporation. Draconian e mail becomes very tough.
Karl

Isn't it ironic (4, Insightful)

iONiUM (530420) | more than 11 years ago | (#3871529)

but I still have to ban domains like yahoo.com
Does anybody else find it funny that this article is from yahoo.com?

Re:Isn't it ironic (1)

flitrmaus (558666) | more than 11 years ago | (#3871641)

Most spam coming in from Yahoo isn't from yahoo. Look at the headers. The "From" field is often _@yahoo.com, but look at the IP address it came from and the routing information. It's usually from some realy in a foreign nation who hasn't configured thier mail server properly.

I think it's safe to blame the root cause. (-1, Troll)

sawilson (317999) | more than 11 years ago | (#3871538)

If idiotic pricks didn't try to fill email boxen up with ads for stupid crap. If morons didn't pay companies to do mass mailing for them. If total assholes didn't market and sell spamming software USING SPAM to complete idiots that don't know any better. If businesses in general actually adopted some written or unwritten rules of etiquette and and practice and focused more on making quality products people actually want, and less on marketing the living hell out of their poorly made crap, we would never have had to nickname unsolicited email after a grody methodone for steak. We'd also probably not have had our enrons, adelphias, worldcoms, etc. I'm dreaming of course.

Re:I think it's safe to blame the root cause. (0)

Anonymous Coward | more than 11 years ago | (#3871624)

"If everyone did what they're supposed to do, there'd be no need for lawyers"

-- a lawyer

Score -1 poser (0)

I.T.R.A.R.K. (533627) | more than 11 years ago | (#3871642)

"If idiotic pricks didn't try to fill email boxen up with ads for stupid crap."

Warning: Stupid "I think I'm l33t and I want the world to know" Buzzword alert!

Re:Score -1 poser (0, Flamebait)

sawilson (317999) | more than 11 years ago | (#3871671)

That's pretty lofty coming from "I.T.R.A.R.K.". It's a term I've been using for over 20 years. Go hack a website or something.

Re:Score -1 poser (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#3871791)

I can't tell what I'm laughing at right now - the fact that you responded to the obvious troll, or the fact that you have been misspelling "boxes" for 20 years.

I suspect it is a combination of both, however.

Yes, you're dreaming. (5, Interesting)

Ungrounded Lightning (62228) | more than 11 years ago | (#3871795)

If idiotic pricks didn't ...

I'm dreaming of course.


Yes, you're dreaming.

About one in 100 (somewhere between 1 in 50 and one in 200) people in the general population is a psychopath. This is a (set of?) brain disfunction(s) that amounts to "no conscience". (Think "colorblind" but with respect to harm-to-others. But it's not known yet whether it's genetic, foetal insult, or what.) Additionally there are "sociopaths" - similar symptoms but as a result of training and social factors rather than an organic problem.

Some fraction of these people learn a moral, ethical, or legal code to compensate for their affliction. They can become honest, productive, and/or beneficial citizens. In some positions (such as political or military leadership or business administration) they can even excell, because their judgement about actions that will hurt other people is not as biased by immediate emotional concern. But many do not learn a code (or learn a defective one). From these come the bulk of the criminals, scam artists, tyrants, white-collar crooks, and so on.

In the absense of compensation a psychopath will be looking out solely for number one. It's not well correlated with intelligence - some are stupid, some very smart. A significant number will be able to handle spamming tools, and be willing to go for the immediate benefit to them (even if it's small), regardless of the damage to others or even long-term consequences.

Yes, Virgina, there ARE evil people.

Much of the social and legal institutions of all civilizations are dedicated to the problem of this small-but-effective population of psychopaths. In particular, legal systems exist to give them a set of rules to live by, a set of personal bad consequences for violating them (so acts that harm the law-abiding become bad for "number one"), and to remove from circulation those who just don't get it.

Short of genocide against psychopaths we will continue to have a plague of spammers for at least as long as people think there's money to be made (or fun to be had) and it won't get you busted.

Solution to spam (3, Funny)

maynard-lag (235813) | more than 11 years ago | (#3871540)

I've found that once I stopped checking my email, I stopped getting spam.

Now, why haven't I heard from my girlfriend while she's been away at school.

Re:Solution to spam (1)

DrVxD (184537) | more than 11 years ago | (#3871572)

> Now, why haven't I heard from my girlfriend while she's been away at school.
Because you've filtered her out as spam?

Re:Solution to spam (0)

Anonymous Coward | more than 11 years ago | (#3871593)

> Now, why haven't I heard from my girlfriend while she's been away at school.

Trust me, it has nothing to do with checking your email...

Re:Solution to spam (0)

Anonymous Coward | more than 11 years ago | (#3871609)

> Now, why haven't I heard from my girlfriend while she's been away at school.

She says it's because you can't please her like I can...

Re:Solution to spam (3, Funny)

Lemmy Caution (8378) | more than 11 years ago | (#3871770)

Now, why haven't I heard from my girlfriend while she's been away at school.

Since you passed up all those opportunities at penis enlargement she's been sending you, she's probably moved on to another guy.

Be careful when you Bcc... (3, Informative)

Omega (1602) | more than 11 years ago | (#3871543)

A number of spam filters and spam blocking agents will mark a message as SPAM if it is only Bcc'd or CC'd. If you're going to Bcc -- at least make sure you have 1 To recipient else you may end up in the SPAM Folder.

Re:Be careful when you Bcc... (2)

RollingThunder (88952) | more than 11 years ago | (#3871629)

Obviously, the simplest solution there is send it to yourself, and bcc everyone else. That way, no new data is introduced for the recipients to see.

And SpamAssassin (v2.20) rates "TO_EMPTY" at 2.541, and "TO_NO_USER" at 1.928 - putting you less than .5 away from getting dumped by the default threshold of 5. The two may be exclusive though... but they're still pretty large hits.

SpamBouncer Spam Assassin (5, Informative)

Binestar (28861) | more than 11 years ago | (#3871545)

I've been using spambouncer [spambouncer.org] for quite a long time and I've found that it catches more spam than Spam Assassin does.

As with any anti-spam measure you have to keep an eye on it when you set it up that everything is working and you aren't blocking legitimate mail. Any anti-spam software you use will either let some spam through, or catch legitimate mail. Add some procmail scripts to catch any mailing list mail you are on into thier folders, block To: Friend@Public.com and the like and you have a pretty robust system.

I've also found that blocking messages with malformed headers helps alot on spam... For example, the following Procmail recipe blocks all messages that are HTML only without a charset, which is common on spam mailings, and has never caught a legitimate mail for me:


* ^Content-type: text/html
* ! html; charset=
* ! from hotmail
| ${FORMAIL} -A"X-Spammers: text/html only message"


Your Milage May Vary

Klez virus and spam (3, Interesting)

pubjames (468013) | more than 11 years ago | (#3871546)


Since the Klez virus can be sent as if it was from your email address even when it has not come from your computer, is it possible that you could get put on a antiSPAM list because someone else has got the Klez virus?

Re:Klez virus and spam (2)

Binestar (28861) | more than 11 years ago | (#3871567)

It is possible, but *most* of the people running the spam lists such as DNSBL's have a clue as to whats what and will not put those type of issues into the blocking lists.

BTW: That brings up another point, never never never trust a spam From: Header, you should always track it down to the system sending the spam, not rely on what the From: Header says.

one down! (2)

Mr_Silver (213637) | more than 11 years ago | (#3871561)

I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there.

I see that sending the boys round to Hemo's house for a good beating with the procmail man page worked.

Right ... one down ... anyone know Taco's home address?

Concept for Fighting Spam... (3, Interesting)

dmarien (523922) | more than 11 years ago | (#3871570)

I once, after installing, needed to raise a concern to the author, djb. I e-mailed him, and instantly recieved an automatic response.

The automatic reply stated that djb recieves an enourmous amount of mail, spam, and technical support inquiries. If I really wanted to e-mail him, the letter went on, I would have to reply to the automatic reply and copy in a 12 digit code which the automatic reply included.

I did that, and then recieved a 2nd automatic reply, stating that the code I entered was correct, and that djb would recieve my mail.

I imagine that a mail system setup in that regard would be the most potent weapon a mail server could utilize against spam!

The mail server could keep a database of known senders who entered the code correctly, and thereafter automatically accept their 'friendly' e-mail.

I forsee a potential abuses for this though. Annoying "spam bots" could learn to decipher the first automatic reply containing the code and then automatically send the spam, and contain the code which will allow the mail server to recieve the mail.

I would ask that if anyone knows how to install/administer the add on to qmail which performs this to please let me know! I recieve a tonne of spam, and becuase I get everything sent to the domain 'dmarien.com', I'll sometimes get upwards of 100/day.

Also, if anyone has a qmail server setup in this manner please let me know how satisfied they are with it's performance, and whether they get complaints -- and even if spam get's through -- i'd love to know.

Thanks!

mod parent up! (0)

Anonymous Coward | more than 11 years ago | (#3871591)

that is an excellent idea! but I think she/he meant to say "after installing qmail..." on the first line.

Re:Concept for Fighting Spam... (2)

infiniti99 (219973) | more than 11 years ago | (#3871790)

Yes! See my other post about TMDA [sf.net] in the comments. It does exactly this.

By the way, your potential abuse is not as bad as it sounds. The spammer would need to use a valid return address in order to receive the confirmation. This means they could be tracked and stopped, etc. The most serious problems with SPAM right now are how there are so many open-relays and that addresses can be spoofed.

Re:Concept for Fighting Spam... (2)

pete-classic (75983) | more than 11 years ago | (#3871796)

I forsee a potential abuses for this though. Annoying "spam bots" could learn to decipher the first automatic reply containing the code and then automatically send the spam, and contain the code which will allow the mail server to recieve the mail.
One of the primary charactaristics of SPAM is bogus From: and Reply-To: headers. If replies were actually recieved by the bot it would be an improvement.

-Peter

Yahoo and Hotmail DONT Open Relay (2, Informative)

Anonymous Coward | more than 11 years ago | (#3871577)

If you'll trace the messages 99.9% of the time it's not from the return address (which is usually hotmail or yahoo). So simply blocking yahoo and hotmail seems kind of wasteful. Simply look at the black lists of open relays. They are the problem.

Re:Yahoo and Hotmail DONT Open Relay (1)

EvilBudMan (588716) | more than 11 years ago | (#3871745)

Yes, blocking yahoo and Hotmail doesn't seem the way to go. We have too many cudtomers that use those.

I gave this link a go and it seems to help after about a month.
http://www.opt-out.cdt.org/

SPAM (4, Funny)

!splut (512711) | more than 11 years ago | (#3871582)

Ever since my friends started filtering out spam none of my emails get through to them. Such is the life of a Hormel Foods employee...

lots of bad spam filters out there (2)

EccentricAnomaly (451326) | more than 11 years ago | (#3871586)

One filter thought I was sending spam because I sent a message to myself and then CC'd all of the other recipients.. the filter was triggered because the recipient wasn't in the "To:" line... another idiotic filter flagged me as spam because I sent a message to a listserv which forwarded my message...

There are way too many dumb and lazy programmers out there! They should spend more time thinking about their code and less time reading slashdot :)

Re:lots of bad spam filters out there (0)

Anonymous Coward | more than 11 years ago | (#3871785)

Lazy? You smell like poop.

gotta check your "junk mail" folders... (2)

RevDobbs (313888) | more than 11 years ago | (#3871592)

hell, today an email addressed to me, from someone in my address book, got dumped into the "Junk Mail" folder, presumably because the body contained the words "bachelor party". Y'all gotta remember to check those spam folders every couple of days...

Re:gotta check your "junk mail" folders... (1)

acceleriter (231439) | more than 11 years ago | (#3871600)

No disrespect, but if you have to check them, what's the point?

Re:gotta check your "junk mail" folders... (2)

RevDobbs (313888) | more than 11 years ago | (#3871704)

No disrespect, but if you have to check them, what's the point?
It leaves me with two mindsets when checking email:
  1. I expect almost everything in my Inbox to be legit, so I carefully prune out the few pieces of SPAM that are there.
  2. I expect almost everything in my Junk Mail box to be spam, so I can quickly scan the From: column for people I know that may have been mis-filtered.

Spam Assassin (4, Informative)

Pengo (28814) | more than 11 years ago | (#3871599)

I have been getting close to 20-30 spam messages per day, my well.com account was the worst.. but the problem with just dumping a couple of my email accounts is I just went through an international move and I don't want to miss any messages from friends in Europe.

A few weeks ago I saw mention of software called spam assassin. After about 2 hours of playing, updating CPAN modules on my Mandrake box in the closet, getting fetchmail and sendmail configured/installed.. I must say, the pain of getting it going was WELL WORTH the effort. I now have almost 0 spam get through (not a single one yet). I have setup IMAP on that server, and have all my email going to that one spot.

Spam Assassin is pretty neat, it tags the top of the message with reasons why it thinks it's spam. Some of it's comments are funny as hell.

Sample reults:
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM: SPAM: Content analysis details: (12.8 hits, 5 required)
SPAM: FROM_NAME_NO_SPACES (-0.1 points) From: no spaces in name
SPAM: AS_SEEN_ON (2.2 points) BODY: As seen on national TV!
SPAM: CLICK_BELOW (1.5 points) BODY: Asks you to click below

Anyway, fetchmail + spamassassin is well worth the effort.

Definitely worth it. (0)

Eliza Troll (589949) | more than 11 years ago | (#3871638)

It's almost fun to get spam now, with Spam Assassin. I like to see what the highest score a spam gets. I think the highest (with the default scoring that comes with Spam Assassin) that I've gotten was 32 points.

My favorite things by poopbot (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#3871601)

Credits: on by

crapfloods and trolling and raping small kittens
nice wider pages and wanking with mittens
turd report packages tied up with strings
these are a few of my favorite things

grits covered portman and ASCII art doodles
ACs and CLITers and Katz sex with poodles
wild trolls that fly with plus five mod scoring
these are a few of my favorite things

when the ban hits, when I can't post, when I'm feeling sad
i simply remember my favorite things
then i don't feel so bad

Rob Malda chugs penis in fan fiction slashes
taco snot over my nose and eyelashes
BSD dying and that goatse ring
these are a few of my favorite things

grits covered portman and ASCII art doodles
ACs and CLITers and Katz sex with poodles
wild trolls that fly with plus five mod scoring
these are a few of my favorite things

when the ban hits, when I can't post when, I'm feeling sad
i simply remember my favorite things
then i don't feel so bad

- poopbot: because even your grandmother can use lunix

But not everyone hates spam anyway (4, Funny)

PissingInTheWind (573929) | more than 11 years ago | (#3871603)

Have a look at this:sick guy [com.com] .

and maybe even sicker: taking spam as if it was legitimate and interestig: link [com.com] .

And for the record, that fat-ass-online-marketer-who-loves-spam's email is BDennis410@AOL.com . Make sure you make him happy and forward all kind of nice business and penile enlargement opportunities to him.

Re:But not everyone hates spam anyway (0)

Anonymous Coward | more than 11 years ago | (#3871707)

Well duh, if you read down, he is the "president of an internet and offline marketing company".

of COURSE he loves spam.. he SENDS spam, dollars to donuts!

Maeryk

Banning yahoo.com, hotmail.com, etc (1)

kwishot (453761) | more than 11 years ago | (#3871605)

Isn't it pretty much pointless to ban yahoo.com and hotmail.com, seeing as people rarely ever use those servers to send spam? Of course, people use a bogus yahoo/hotmail reply address, but filtering from those servers does nothing but block out all of the people who use them legitimately.

Quothe the article (-1, Troll)

mcelli (518034) | more than 11 years ago | (#3871613)

"The SPEWS system is unapologetic about false positives and even regards them as a plus. They've taken the 'ends justify the means' argument way farther than I've seen anyone else take it," Donea said.

Because all of the dictators and social engineers of history cannot compare to the spam list. Names like Hitler, Stalin and Mao are insignificant compared to how spam lists will stretch the ends justifying the means.

I guess this is just another in the long list of ridiculous exadgeration thrown around by computer geeks. I can say without hyperbole that spam is a million times more brutal than WW2, the Korean war and Vietnam combined.

open source solutions (1)

jyee (16633) | more than 11 years ago | (#3871616)

all i gotta say is:
http://software.libertine.org/tmda/

it's made email useable and fun again.

Forged filter? (2)

fm6 (162816) | more than 11 years ago | (#3871627)

I still have to ban domains like yahoo.com, hotmail.com, mail.com
I don't know about hotmail.com or mail.com, but Yahoo is pretty good at keeping its accounts from being used to send spam. It's true you see "yahoo.com" in a lot of spam headers, but these are almost always forged. And forged headers are pretty easy to detect. I'm suprised your filters can't tell the difference.

SpamAss and tuning... (1)

DraKKon (7117) | more than 11 years ago | (#3871635)

SpamAssassin with DCC works real good.. Razor is a little bit buggy at the moment.. I have tuned my spam assassin a bit and have a HIGH count folder.. (any spam that scores over 12) for the past month, it's had a 100% hit rate. No false positives. Then there's my Score of 5 to 11.9999999999 folder.. it's about 80% spam, 20% that would be spam if I didn't actually know the person) "Come to my show my band is playing here 18+" stuff like that.. so my white list is growing.. and spam is going away.

You also have to realize that NOTHING will be perfect. Razor is a good Idea, but when you have ONE person report a CERT advisory, or other mailling lists, the false positives rise.

Even if SpamAssassin/DCC/Razor took one piece of spam out of my mailbox, it would be worth it.

Too bad about Yahoo (1)

Weasel Boy (13855) | more than 11 years ago | (#3871646)

Anyone who blocks Yahoo.com won't get any mail from me. I like Yahoo's web mail, and use it in preference to the one I actually pay for.

Banning .cn (5, Funny)

JoeBuck (7947) | more than 11 years ago | (#3871649)

Q. How can the Chinese authorities get around the fact that the Great Firewall of China is doomed to be imperfect?

A. Get all westerners to ban .cn as spam. Then Chinese dissidents will be unable to communicate with the outside world.

Cloudmark is a P2P Spam Eliminator (2, Insightful)

TheCodeFoundry (246594) | more than 11 years ago | (#3871657)

I've been using a beta of Cloudmark's SpamNet [cloudmark.com] for about a month with no false positives. Seems to do a good job, plus you can mark SPAM that you might get and it will update it on everyone's (that is using SpamNet) spam signatures.

If RBLs actually worked... (0)

Anonymous Coward | more than 11 years ago | (#3871658)

We wouldnt need spamassassin, DCC, vipuls razor, etc.

RBLs are like chemotherapy. They are dangerous treatment for a disease, as the damage they inflict can be huge, even significantly disproportionate with the threat.

The only way to make a truly secure RBL based filter is to use the TCP Wrappers /etc/hosts.deny type mechanism, and specifically deny all hosts mailers, except ones in the /etc/hosts.allow. Otherwise, you invite the spammers to easily get around the RBLs by doing dialup, or ip spoofing, or whatnot else. Changing IPs is too easy, and RBLs fundamentally protect based upon that mechanism.

It is time to retire them in preference for the better technology of distributed signature detection. There is too much damage being done to reasonable end users. The policies for entry/exit of these lists are inconsistent, and far too many sysadmins blindly trust these policies <strong>event when they are wrong or inconsistent.</strong>

I have had my systems blacklisted not for having open relays (which I test for) but for being in a range where a spammer was once observed. When I complained in the past about this practice, the various sysadmins grumbled about having to update their lists.

If you are going to grab the authority, you better be prepared to take on the responsibility.

Use the distributed signature systems. Toss the RBLs out.

SpamCop chain test (4, Informative)

Animats (122034) | more than 11 years ago | (#3871668)

One of the better features of SpamCop is the "chain test". SpamCop's header parser looks at all the "Received:" lines and figures out which ones are fake. It matches DNS names and IP addresses, and checks those "Received A from B", "Received B from C" relationships. The point at which the chain ceases to be valid identifies fake headers.

This is essential if you want to report spam to the sender's ISP. Otherwise, you report addresses being abused by spammers. It's also a useful filtering tool; an e-mail with inconsistent headers is probably spam.

ahhh (1)

Zabu (589690) | more than 11 years ago | (#3871672)

I can't controll the primitive physical urges that I get...

When a perfectly good e-mail address has been gang-spammed.

Collateral Damage with snail-mail junk mail? (3, Interesting)

GGardner (97375) | more than 11 years ago | (#3871673)

I get a ton of junk mail. Who doesn't? It usually gets tossed, unopened. Every now and then, I've tossed non-junk mail, as it looked like junk mail. It would be interesting to measure this "cost" of junk-mail.

What about individual users (2)

rutledjw (447990) | more than 11 years ago | (#3871675)

I have had my yahoo.com e-mail address since they offered it YEARS ago. For a while I used it as a SPAM trap and just deleted the whole thing periodically. I finally decided I wanted to use it and have set up a number of filters to take out crap.

Stuff like "Casino", "Porn", "u.n.i.v" in the subject and china.com, and .br (since for some reason I've been getting hit from Brazil) in the from line all go to the Trash.

Is blocking entire domains and nations blocking out potential legit e-mail? Yep, sure is! Am I losing sleep? H3ll no! Look, I'm very sorry if you're unable to do some things on the net b/c you're domain is blacklisted, but that's just too bad. Then complain to your ISP to do something. If enough people scream to their providers to do something, the ISPs will HAVE to do something or else lose users and hence - business.

I'm not going to endure the kind of garbage I have in the past. As for legit businesses that get blacklisted, well, as the article said, it was resolved in a day...

One thing that is interesting is Yahoo!s little feature of marking a message as SPAM. Apparently, they review it and use it to update their filters. I'd be interested to know how well it works...

Spam Assassin (1)

sapphire42 (178537) | more than 11 years ago | (#3871688)

We also use Spam Assassin. It's really nice with
IMAP, because I have a special IMAP folder, and
SA sorts all of the incoming spam right into the spam folder. Once a week I do a quick skim and make sure nothing important got stopped, and then it gets the old dumperoo. You can't do that with POP3, but it really doesn't stop that many that are legit, unless they are mailing list e-mails from crap like Yahoo groups and such. I like the various criteria it uses for what is considered spam, it has to get a certain score before it is considered spam. Combine that with the use of AmaViS for virus filtering, and you're good to go. We've had great luck with it.

If only domains told the truth... (5, Insightful)

dasmegabyte (267018) | more than 11 years ago | (#3871698)

I've had a number of people complaining about spam email originating from our server. A quick look at these emails from somebody who knows "a little something" about email shows that the email was an almost guaranteed forgery...the mail servers that relayed the message had nothing to do with us, besides which the user does not exist on our servers and the domain they sent from belongs to developers I know wouldn't fool with this stuff.

And yet, the damage has been done. These users don't trust me as a provider even when I explain how we lock down our server & prevent spam. They don't trust our domains, which means they block the ip -- an ip which may be mapped to 50 or more virtual sites. And all of this because our domain was the root of it all...a simple forgery that no email client really checks for validity because internet mail is designed to bounce anonymously from server to server. I've gotten spam that was "sent" from my own email address...which is silly, because why should I trust a company's services when they try to convince me _I'm_ marketing to myself?

What email needs is a set up like SSL -- a trusted third party to verify the validity of an email from a key generated by the sender when the receiver gets the mail. If the sender proves to be a spammer, the third party drops support...and charges a large fee for breaching a contract. We need this to occur without unwieldy programs (PGP) or user eductation...just some way to get a lock in the corner of a user's screen to let them know for a fact that user X sent message Y, and that if it was unwanted they have a recourse.

This new "Secure mail" could become popular very quickly, as many companies that communicate solely over email could use the security that nobody can send an email as ceo@trustycorp.com without the server's permission. The key is ease...SSL may have its problems (certs kind of expensive, monopoly of cert providers due to reliance on deals with certain monopolistic browsers, slowwww responses) but it has become a mainstay of secure communications for people who understand it (unlike my wife, who despite a BS in chemical anthropology believes that submitting her credit card via SSL over WEP 802.11b means a guy with a ham radio can read her number, so she places orders via cordless phone instead). Mail hasn't significantly changed in ten years...maybe it's time for smail!

No Spam For Me... (1)

nomel (244635) | more than 11 years ago | (#3871706)

I make multiple accounts (like I'm sure everyone does), one for spam and one for real emails. I'm very cautiouse in where I put my real email address, never anywhere that web crawlers can access. Put the address in an image if you have to put it somewhere (on your webpage).

One thing that you can do to find where some of these spam lists are getting your name is to put a unique name or identifier for the name section when you fill out any online forms (nomel(0), nomel(1), etc). When you get a spam message you will then be able to see who gave it to the spammer from the unique name. Sometimes it's surprising to find who gives out your info... :)

The last time.... (0)

Gabreal (592076) | more than 11 years ago | (#3871709)

I talked to a company that uses span, they told me that they use it for ads and I told them B.S.

ORDB is the Answer (3, Informative)

DaveAtFraud (460127) | more than 11 years ago | (#3871712)

Quote:
...but I still have to ban domains like yahoo.com, hotmail.com, mail.com
My e-mail address was recently harvested by a spammer. I started getting SPAM from the listed domains but the only problem was the mail didn't show up as from yahoo, hotmail or mail in my mail log. Turns out the spammer was forging the return address and sending through an open relay. So I learned about how to set up sendmail to filter incoming mail through the Open Relay Database (ORDB). That particular spam problem has now disappeared. It helps when you run your own mail server but if I can figure this out in less than a day then a paid sysadmin at an ISP, company or school should also be able to do it.

You can find out more about the ORDB here [ordb.org] and this site [wirehub.nl] has very simple instructions for setting up sendmail to use the ORDB filter. Sendmail.org [sendmail.org] has quite a bit of additional stuff you can do to filter SPAM and still let legitimate e-mail through. ORDB also has solutions for people who don't run their own mail server and just connect someplace with a mail client to get their mail.

how to filter asian spam (2, Informative)

Anonymous Coward | more than 11 years ago | (#3871713)

after filtering the Content-Type: for ks_c_5601-1987
(upper and lower case) I havnt recieved an asian spam mail, given that I used to get 20+ asian spam a day this helps a lot. In Outlook you cant(I think) filter on specific headers, but filtring on all Headers should do.

my $0.02

go.com versus hotmail.com (0)

Thinkit2 (591980) | more than 11 years ago | (#3871725)

I've been at go.com for years and not had a _single_ piece of spam, while hotmail dishes it up immediately. A lot of this is just protecting your e-mail address.

Do not ban Hotmail and Yahoo from your client (0)

Anonymous Coward | more than 11 years ago | (#3871733)

A LOT of REAL people are using these emails when they are at work! They might emailing you for a good reason.

A bit of truth in a website full of crap (0)

Anonymous Coward | more than 11 years ago | (#3871735)

Linux users were described as 'elitist nerdy shmucks'. Sadly this is true for much of the 'community'. Too many consider themselves better than the rest of the world because they run Linux.

What about the users of Hotmail? (1)

Megumi_Slashbot (585223) | more than 11 years ago | (#3871737)

Hotmail users seem to have it tough. They have four levels of junk mail filtering only... from 'none', to 'low', to 'high', to 'exclusive'. If you turn the filter on high, even, you still tend to get 10+ junk mail messages per day. When I turned 'exclusive' on, even the messages from my contact list were deleted immediately, as I set junk mail for immdediate deletion. If only there could be solutions for hotmail... but there don't seem to be, so I use my hotmail address for MSN Messenger Service and an outlook client otherwise. That email address, I don't give out... and I haven't gotten spam on it yet! Perhaps that's a good idea, too. Make sure your email is not easily harvestable. This is a good way to avoid spam without any other programs.

What About IP Spoofs (1)

5h4k4-2u1u (587853) | more than 11 years ago | (#3871743)

I've seen a disturbing trend of people getting added to spam databases when someone was spoofing their IP... This recently happened to a friend of mine because their (PacBell mail server!) IP was added to an open-relay list...

Are the maintainers of these databases going to have to start doing more homework on these IPs before they ban them, or are we going to see more and more collateral damage due to unethical spammers?

The problem is that these guys (spammers) keep upping the ante!

TMDA (5, Interesting)

infiniti99 (219973) | more than 11 years ago | (#3871757)

(this is similar to a comment I posted to the other recent fax SPAM story. it has been expanded.)
------

I highly recommend using TMDA [sf.net] on your mail server to defeat SPAM. It works by maintaining a whitelist of valid senders. If someone emails you and they are not in the whitelist, then they receive a confirmation request email. They must reply to it in order to be added to the whitelist (at which point, TMDA will deliver their original message, and allow all new ones to pass through). No having to report SPAMs, no worry of maintaining a never ending blacklist. No blocking of entire domains, no having to "sort through the spam periodically". TMDA does it all for you, putting a minor inconvenience on first-time senders.

The end result is that I get no SPAM. Zero, zlich, nada, not one -- with no effort on my part.

I believe there are other packages out there similar to TMDA that you may want to try. Regardless, I'm convinced that a whitelist-centric strategy is the way to beat SPAM.

Note: You still must take into account mailinglists or other situations where you are going to receive mail from an unknown source that won't be able to process the confirm request (such as some online purchase confirmation), and this is where qmail aliases can come in handy. Ie, justin-linux, justin-sears, etc, and just throw them away if you ever get SPAM. TMDA even has some features to help with this, such as hash-generated addresses that self-destruct after a period of time.

Still, for all other purposes you can keep your normal address. No need for SPAM armoring ever again :)

-Justin

New approach (2, Insightful)

Rupert (28001) | more than 11 years ago | (#3871763)

Maybe we could get a mainstream news source to report that terrorists are using spam to communicate with each other. That would get it banned instantly.

Play their own game... (1)

ZaneMcAuley (266747) | more than 11 years ago | (#3871792)

I use eMailTrackerPro from VisualWare and Visual Route
http://www.visualware.com/emailtrackerpro/index. ht ml

I get their location (for the non faked emails) and mail their ISP point of contact with the mail, pictures etc.

Nowdays they are FAKING emails to be from YOU to YOU. Alot are faking or creating yahoo emails so you cant block yahoo.com or u block ur friends. Some are using MSN Member services as a fake.

Simple, BLOCK EVERYTHING except those on an OK list (buddy lists etc).

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...