Fighting the Hydra -- A Spam Warrior's Tale
Selanit writes "Salon has an interesting article about the battle against spam from the viewpoint of Suresh Ramasubramanian, a sysadmin working in Hong Kong. His most interesting complaint concerns the fragmentation of anti-spam forces: not only does he have to deal with spammers, but also with anti-spammers who assume because his company is Chinese that he isn't doing anything about spam. Hmm ... decentralized opponents striking from the shadows against quarreling allies. Does this sound familiar to anyone else?"
The spammer. (Score:2)
When is the sequel out? A Spammer's Tale? I can't wait!
Another world group? (Score:2)
Re:Another world group? (Score:2, Insightful)
Re:Another world group? (Score:5, Interesting)
First.
Get off the USA bashing kick, all countries look after their own economic needs. (aka, sweat shops are illegal in the USA, but the WTO says that in 3rd world countries as it's the only work available, they are legal...)
Second.
The USA (aka Federal Government) has nothing to do with Spam guidelines unless it's a Federal Law. (Which could be considered a violation of Interstate Commerce, that's part of the reason no laws are passed at the Federal level... btw, IANAL...) This is also why we are trying to pass State level laws for Spam.
But, if ISPs who want to deal with SPAM can join blacklists, whitelists, coalition, etc. Nothing is stopping them. But on the Other side, there is money to be made in Spam, and companies willing to make a buck will do it. (All around the world, not just the USA or Hong Kong.)
Re:Another world group? (Score:2)
One tip: arrest before you murder.
--G
Re:Another world group? (Score:2)
Fight the good fight (Score:5, Insightful)
rus
Re:Fight the good fight (Score:3, Interesting)
Fun? The article repeatedly made the point that fighting spam is no fun at all.
Re:Fight the good fight (Score:4, Funny)
Tell me about it. I got so fed up with my spam that when I changed my ISP I made damn sure nobody I didn't want to hear from had my address. One travel firm (an Asian outfit) managed to get my address anyway, but I haven't heard from them since I put up a little web-page at Tripod saying "I am willing to opt-in to all bulk or commercial mail at..." and listed all of their contact addresses I could find.
Childish, I know, but it did the trick.
Re:Fight the good fight (Score:4, Insightful)
Another point that brings up -- just because someone doesn't KNOW their system is being used for spamming doesn't mean they don't CARE. It pays to notify before you condemn.
Welcome to the life of a helpdesk worker. (Score:5, Insightful)
Like that is different from working in any other kind of helpdesk!
Re:Welcome to the life of a helpdesk worker. (Score:2, Insightful)
Like that is different from working in any other kind of helpdesk!
It's not different from not not working in any helpdesk either, but being the one most your colleagues call because the helpdesk "refuse" to help them... like if I can help them recover they didn't save before shutting down the day before by pulling out the powercord.
That aside, I think there would be a lot less stress overall for the people working for any sort of helpdesk if we users remembered to be polite, and that in turn would mean b
Re:Welcome to the life of a helpdesk worker. (Score:3, Insightful)
Hell yeah. Only problem is, one bad user can ruin a tech for everyone else.
One user didn't like it when I told her that I couldn't send her a Win98 CD, so she called up Customer Service and told them I insulted her and made her cry and demanded that I be fired on the spot. The call wasn't recorded, and my company's policy is to believe the customer before the employee, so when I came into work the next day all my stuff was packed up in a box. Only after poking holes in her lies with other evidence, timestam
Re:Welcome to the life of a helpdesk worker. (Score:3, Informative)
I'm probably not seeing the full picture, because I preemptively block inbound SMTP from netspace that doesn't terminate spammers. The biggest chunks are 4.0.0.0/8 (open DSL proxies from Genuity/Verizon/LVLT depending on who's bankrupt this week), 12.0.0.0/8 (ditto in AT&T space), and 24.0.0.0/8 (ditto, but with cablemodems) and 200.0.0.0/6 (all of LACNIC
Not my helpdesk (Score:3, Insightful)
The other half is that people tend to hire tech support based on technical knowledge without considering communication skills. During my relatively short tech support stint (5 years with different companies) I went to half a dozen communication classes. Validate, empathize, assert. Solves most problems and diffuses even the worst att
Sounds like Slashdot (Score:3, Funny)
Yes, it's like the horde of trolls striking while other people are trying to discuss the subject at hand.
Re:Sounds like Slashdot (Score:2)
No spam article is complete without a comparison to Terrorists or Nazis. I give it a 1 out of 2 stars.
Whitelisting is the answer (Score:5, Insightful)
Many legitimate machines and users - even whole ISPs - unfairly end up on blacklists, while the spammers just find another way through.
The spamblocker tools and their heuristics get smarter, but don't forget that spammers keep up with these tools and constantly find new ways around them.
I was using Razor and SpamAssassin for months. Formidable combination - networked blocklists plus pattern matching. Gave me a bit of peace. Very few false negatives. But in the last month, I've seen a whole new generation of spam coming through that the filters don't even touch.
Peace has finally come from a package called Active Spam Killer [paganini.net], a package which works from a white list, and provides a convenient way for new correspondents to get themselves onto the whitelist.
There are other whitelist-based packages, such as TMDA, but ASK is simple and painless to set up.
Result?
Spams to my mailbox have gone from 40 a day to zero.
Re:Whitelisting is the answer (Score:4, Interesting)
You're adding an authentication layer to your specific mail account. Now, all we need to do is implement 4.1234E13 different mail account authentication systems. Each with its own bugs, weirdo assumptions (HTML only, perhaps? Imagine how Mickysoft might do this...) and other deficiencies. Everyone you correspond with will have a different one. What fun!
Authentication is the only feasible solution to spam. If we could collectively decide on a method of implementing it in a standard fashion we could avoid the mess.
Don't hold your breath.
Re:Whitelisting is the answer (Score:2)
Yeah, but (Score:3, Interesting)
2) you could use a 'what number is this a picture of' type questions. The problem is figuring out how to make it multilingual.
But really it doesn't need to be standardized at all, since these things are going to have to be handled by real people, rather than computers.
Re:Yeah, but (Score:3, Insightful)
You are correct. It doesn't have to be standardized.
Now prepare yourself. Microsoft will implement a system whereby you get the challenge mail that contains a link to a page with a Palladium enabled ActiveX control that you must cope with to get authenticated. It will stop spam and be highly successful, popular and integrated with Outlook version 32.010155a and
Re:Yeah, but (Score:3, Insightful)
Why would it have to be multilingual? I speak English; why would I want to receive mail in a foreign language? (Hell, maybe it'd help block the Brazilian spam I've been getting lately...)
Whitelisting is unethical (Score:5, Informative)
And how do you feel about making all innocent senders of mail do extra work, while spammers simply ignore it and move on?
I simply cannot justify that, based on the redistribution of workload and increased aggravation - you send me a bounce message, I consider your email address invalid whether that bounce is "500 address unrouteable" (a valid, understandable error) *or* "500 I Don't Like You" - which I consider frankly offensive.
Go back to SpamAssassin, get 2.50 or better, which includes Bayesian analysis as well as all the above. Or just shove a Bayesian filter in the way after SA; here, I have outright regexp-based rejection and SA in exiscan, followed by bogofilter in procmail - very few spams get past the first hurdle (From: headers snarfed from Usenet) and those that do are caught either by SA and/or bogofilter.
This way happiness lies.
Re:Whitelisting is unethical (Score:2)
Well, If someone took the time and extra work to send me an email in the first place, then I think they can take a few seconds to verify their humanity.
If you think spending a few seconds for each person (not each message) you want to communicate with is too much work you're obviously trying to mail too many people (and thus, are a spammer). If I had to verify myself to everyone I mai
Re:Whitelisting is unethical (Score:2)
And this is what I disagree with. A lot. The work required to send an email should be exactly that; you type it and push Send, that's quite enough. Having to go through extra hoops because someone defaults to assuming you're a bad-guy is totally uncalled-for.
"(and thus, are a spammer)."
You really do have an offensive view of the world, don't you know? Without thought for people's modes of operation or needs, you tar everyone a baddie unti
Think about it (Score:2)
How many times per day do you email someone you've never emailed before?
If the second number is higher, then you're probably a spammer and even if you're not an email from you wouldn't be very special. If the first number is higher, you would have far less annoyance in your life if everyone adopted this system.
I'd rather have a few people's computers think I was guilty of spamming until proven otherwise than have to deal with deleting Spam, and for me, it's a choic
Re:Think about it (Score:2)
Re:Think about it (Score:2)
Putting some obstacle on the reception of legitimate mail (er, like "you should pay a stamp to send mail to me") will have the same effect, so you are changing the definition of the problem, but not really solving it. It can be minimized using friendly or not troble-mak
Re:Whitelisting is unethical (Score:2)
Does your home have locks and keys? Not everyone wishes to break in. How offensive of you to secure your property against me. How dare you force me to knock and wait outside for you to answer! What do you think I am, some sort of thief?
If you take offense at being asked to verify yourself with me exactly o
Re:Whitelisting is unethical - hardly (Score:3, Insightful)
Then you can forget about my patronage, because I do not expose my email address in this manner.
(My slashdot-published email is a blackhole, so don't bother.)
And you can also forget about asking me to use my email address as a userID.
"Everybody who asks for my email address is a spammer until proven otherwise."
Yes, I have no problem isolating myself from the rest of the outside world, especially spammers, telemarketers, and other advertisers of all type
Re:Whitelisting is unethical (Score:2)
I'm not sure that I'd want to add the additional layers of programming to get my emails through the filters. I shouldn't have to either, nor should I have to receive the 13 MB of spam a week we get either.
Re:Whitelisting is the answer (Score:4, Insightful)
I spent five years working for ISPs, and during that time the only case of blocking I can think of that you could even possibly argue is unfair is the case of a certain major telco in the western United States which was (and AFAIK still is):
This led to the situation of us blocking their entire DSL pool based on reverse DNS.
You could make the argument that it was unfair to said telco's business DSL customers to have their legitimate mail blocked, but I would then ask you, "Who was it that was being unfair to them? My employer, when we had no way to distinguish legitimate from illegitimate mail in that DSL pool from which most mail was illegitimate, or said telco, which was not providing proper service to its business DSL customers, who were paying a large premium over what residential DSL customers were paying and apparently getting little in exchange for their money?" My answer, of course, would be "Not my (then) employer."
Please note that we did not consider blocking of residential DSL customers to be unfair in any way, ditto for ordinary dial pool customers. It is normal for ISPs (and the telco in question did so) to provide outbound SMTP hosts for use by their customers. All those affected, including the business DSL customers, could make use of them either directly or as a smarthost. It is not unfair to tell a residential customer "Use your provider's outbound SMTP hosts. That's what they are there for." I'm not convinced that it's unfair to say that to a business DSL customer either, although I understand how they would like to be able to send mail directly instead of smarthosting through their provider. However, if the telco's position is essentially that a DSL line, because it doesn't cost like a leased line, does not include the normal services that come with a leased line (such as reverse DNS service), that is an issue to be settled between the telco and the customer.
I also question whether or not it is "unfair" to anyone to refuse their mail, on the grounds that delivering mail to any domain is a privilege, not a right. It is, of course, customary to extend that privilege to anyone who has not violated it or is not a member of a group of IP addresses where violation of that privilege is the norm (as in the case above), but no domain can be ordered to accept mail from any other domain. Refusing mail may have consequences for the refuser, of course, but that is their choice to make.
One way to slow a specific flood (Score:5, Interesting)
A honeypot for spam - mentioned here previously, I think - would be one answer. It would recognize a spammer and, instead of disconnecting, it would accept all the spam - very sllloooowwwly, then discard it. It's not a trivial programming task, since the spam would have to be recognized, then treated differently from that point on from regular email. But it's feasible, I think and would help fight the large scale attack noted at the beginning of the linked article.
Re:One way to slow a specific flood (Score:2, Interesting)
Re:One way to slow a specific flood (Score:2)
You know this is trivial to defeat right? A simple heuristic to detect the honeypots would have no trouble dealing with this. Spammers are highly motivated at defeating stuff. Excessively slow server detection will be a standard feature of all next generation spam software. Bet on it.
Flaws with the accepting mail slowly defense (Score:3, Interesting)
Let's hope so. Then I'd just accept all mail slowly and spam would go away!
Seriously there are flaws in this kind of defense. First, I'm already seeing several spammers who already send mail slowly, probably to avoid setting off statistical trappers and to make it harder to scan through log files. Also don't forget that the spammers usually have much more bandwidth than the recipient; you can never win
Re:Flaws with the accepting mail slowly defense - (Score:3, Interesting)
Detect and run from, sure, but not _defeat_. (for a value of "defeat" == "get yer spam through")
Excessively slow server detection will be a standard feature of all next generation spam software.
Oh it is now. Has been, for at least a year. My buddy, who runs his own mail server, teergrubes anything he can detect as spam. The spammers flee, then remove him from their lists. He cares not whether this is automatic or requires manual effort on the part of the sp
Re:One way to slow a specific flood (Score:5, Interesting)
I have previously mentioned a honeypot here, but not the one you are talking about. I try to receive the spam as fast as possible in the hope that every spam ending up in my honeypot is one less spam to end up elsewhere. But I feel it is getting harder to attract spam. Though I have been working hard to make my honeypot attract lots of spam, and in the process managed to get my IP on OpenRelayCheck [openrelaycheck.com], I only got 1.3 million yesterday. My record from October 2002 was 36 million in 4 days.
Re:One way to slow a specific flood (Score:5, Interesting)
Mar 27 08:07:18 [210.222.196.141:27910]
ehlo ll-nidaf2xx5kn9
Rset
Mail from:<china9988@21cn.com>
RCPT to:<china9988@21cn.com>
Data
From: china9988@21cn.com
Subject: 68.22.196.106
To: china9988@21cn.com
Date: Thu, 27 Mar 2003 23:20:51 +0900
X-Priority: 3
X-Library: Indy 8.0.25
t_Smtp.LocalIP
.
Quit
Mar 27 19:23:10 [210.222.196.133:58885]
HELO hanmail.net
MAIL FROM:<jkdsa@hanmail.net>
RCPT TO:<mg0108@hanmail.net>
DATA
Message-ID: <20820-2200335282014339@hanmail.net>
X-EM-Versio
X-EM-Registration: #0010630410721500AB30
Reply-To: rolliey@hotmail.com
From: "good" <jkdsa@hanmail.net>
To: mg0108@hanmail.net
Subject: 68.22.196.106
Date: Fri, 28 Mar 2003 11:00:14 +0900
MIME-Version: 1.0
Content-Type: text/html; charset=KS_C_5601-1987
Content-Transfer-Encoding
<HTML>
<HEAD>
<META NAME=3D"GENERATOR" Content=3D"Microsoft DHTML Editing Control">
<TITLE></TITLE>
</HEAD>
<BODY>
<P><
</BODY>
</HTML>
.
QUIT
Re:One way to slow a specific flood (Score:4, Interesting)
That is also what I do, and your probes sure look familiar. Occasionally I actually relay the probes to see what they are actually up to, and then I get loads of spam. I also run another program on ports 1080, 3128, 6588, 8000, and 8080 that pretends to be an open proxy which can be used to connect to an open relay. Next step would be to automatically report received spam to razor.
Re:One way to slow a specific flood (Score:2, Insightful)
A quick nmap of those two IPs leaves me fairly convinced that they are being used for spam relay without the permission of their owners. Mailbombing them would not be terribly productive, and would almost certainly get you in trouble with your upstream if any
Re:One way to slow a specific flood (Score:2)
The path of a typical successful test:
[Client]->[Open Proxy]->[Open Relay]->[Their Mailserver]->[Client]
Mail bombing would affect the mailbox on their mailserver, (which is most likely an innocent,
Re:One way to slow a specific flood (Score:2)
21cn.com (Score:2)
Teergrube (Score:4, Interesting)
<link rel="DoNotEmail" href="mailto:aa0u@kjernsmo.net" />
(yeah, that's a real, living trollbox, spambots, do your worst! :-) ) Very few users will ever see this, but the spambots will harvest it. It is clear that many of them do.
The other thing you mention, I think that is what is meant by a Teergrube [iks-jena.de]. Marc Merlin has some good stuff [merlins.org] on using Exim and SpamAssassin to reject messages or making spammers stick in a teergrube. He has some debs too.
Unfortunately, I haven't had time and I haven't been feeling adventurous enough to try all this, but clearly, it works well.
Re:One way to slow a specific flood (Score:2)
verrry slowly (Score:3, Interesting)
Heh...I run sendmail on a 486DX/33. I accept everything very slowly. :-)
But in all seriousness - I expect that some day, somebody will find a security hole which I've overlooked. However, when that day comes, my little 486 certainly won't be much of an asset. If a spammer finds a way to exploit sendmail, and tries to relay 5 bazillion e-mails, my box would certainly crash. I consider it a boon to the internet if I make myself very difficult to exploit, and sticking a just-barely-does-the-job server up
What you say? (Score:3, Funny)
I don't know if this is a "Lord of the Rings" reference or a "War on Saddam" reference.
All your Godwin are (almost) belong to us... (Score:2)
75 million? (Score:4, Insightful)
So if 15 million messages is 20% of what they get, they receive 75 million individual messages a day? That seems a little high...
Re:75 million? (Score:2, Informative)
No way he gets spam! (Score:2, Funny)
Re:No way he gets spam! (Score:2)
Simple solution (Score:4, Insightful)
Get organized and form a plan but first, get organized on a global level.
Then kick some ass and pool for legal action against the thieves.
Re:Simple solution (Score:2)
This is the real world, not Noddyland. Abuse departments cost money.
disgusting (Score:3, Interesting)
Now that I've thought about it. How is spamming still profitable? Are there that many people out there that are into having sex with farm animals? Or believe there are pills that increase life span? Who the hell are these people?
Re:disgusting (Score:3, Insightful)
The economics of spam work because of the huge imbalance between what a spammer pays, and the price of the products being sold. One sale per million messages probably makes the whole undertaking feasible. I think it was PT Barnum who said no-one ever went bust underestimating the intelligence of the public.
Re:disgusting (Score:2)
IRL (in real life) we call them Commission Salesman, Tele Marketers, or in corporations we call them the "Marketing department"...
Re:disgusting (Score:2)
B5 (Score:2)
Oh so I get it, fighting spam is like saving the Galaxy!
I had no idea it was THAT important. I'm on the edge of my seat now!
Re:B5 (Score:2)
Outblaze, huh? (Score:5, Interesting)
Now, some people may feel it's my own fault for taking advantage of the part of RFC 2821 [roxen.com] which states that if a mailserver defers checking to see if it can relay or deliver the mail then "These servers SHOULD treat a failure for one or more recipients as a "subsequent failure" and return a mail message as discussed in section 6.".
But, I guess they feel that everyone runs sendmail, so every time they test my mailserver, I end up with another batch of relay rejected messages intended for them sitting in my postmaster mailbox.
There are two parts of this that bug me:
Anti-chinese bias (Score:3, Insightful)
I mean, I guess it'll help cut down on the spams they get, but it won't help stop the problem.
Anyway, the true way to stop spam is challenge-response for the first message from a new person. Easy to implement, and it doesn't require any software for the sender.
Re:Anti-chinese bias (Score:2, Interesting)
> subdomains are idiots. How are they supposed to work with anti-spammers
> there if they can't even talk to them?
While spam might come from Chinese or Korean subdomains, it usually is about American products to the degree that the stuff offered is completely useless for someone from the Netherlands. They might at least filter on the target email address you'd think.
Re:Anti-chinese bias (Score:2)
Re:Anti-chinese bias (Score:2)
The Netherlands - where all the men are 12", all the women have no need of breast enhancement, and sexual potency runs rampant! Sounds like my kind of country...
The bounce problem (Score:5, Informative)
If 50% of all mail in the US is spam, then the other 50% must be the bounces for all that undeliverable mail!
I run a mail gateway for a medium sized company, and although not on the scale of a large ISP, I see many of the same problems. Dealing with spam on a gateway level is quite different from dealing with a single personal mailbox. And spam flooding has gotten much worse in the last few months. Getting over a 1000 messages in under a minute can really start to tax your infrastructure. Actually from my own observations, I'd say that at least 75% of all mail is spam, and 80% of that is undeliverable.
Of course one of the big problems as Ramasubramanian points out is that spammers are getting very sophisticated at impersonating other entities. This results in a large number of bounces being directed back to the wrong guy. So not only are you getting spammed, but you are also indirectly spamming the poor guy who is being impersonated with your flood of bounces. And the bounces also cause other problems because it tends to fill up your outbound mail spools, as well as making the required postmaster account near useless sometimes.
One thing I've learned is that a mail administrator must be very careful about constructing blacklists and filters. I use sendmail [sendmail.org] and make heavy use of its milter [milter.org] programmatic filter interface. It's amazing how being able to analyze the mail at the protocol level (such as the HELO command) helps identify impersonated mail that can't just be done by only looking at mail headers or the message body. It is also possible to help correlate large volumes of nearly identical inbound mail from a large number of different servers, as well as correlate them with large number of undeliverable outbounds. I'm also very careful to check whois and other registrar databases before adding blacklist entries, to help prevent blacklisting the wrong guy. But I do admit that for a few of the most audacious flood attacks, I actually have to resort to iptables [netfilter.org] firewall blocks to stop it even before sendmail sees it. I really dislike having to disobey the SMTP standards, but spam floods are IMHO just as destructive as worms and viruses!
The thing I fear most as a mail administrator is not the inbound spam, but that some spammer may start impersonating my company! We'd start getting placed on blacklists and blocked, plus we'd start getting flooded with all those bounce messages (probably an order of magnitude more than direct spam). How can one possibly protect against that?
Re:The bounce problem (Score:3, Interesting)
One possible solution to the problem of bounce messages is to not send them.
When an undeliverable mail arrives check against a set of criteria, and if the mail looks like spam then don't send the bounce, since the addresses are likely to be faked anyway. This way the poor sod that got his address used as the sender won't receive (as many) bounces. The disadvantage is the possibility for false positives, that a legitimate mail might be tagged as spam and the sender won't see the bounce. Anyway for a large mai
Re:The bounce problem (Score:2)
But there is no way that the bounce messages are going to help that, since they would most likely end up in some poor user's mailbox on a completely different network.
And I don't see that not receiving a bounce is a big problem anyway. Email in itself is essentially an unconfirmed service since not getting a bounce is no sure indication of success (success == that the intended person has received and seen your mail). If your email is important enough you would include something along the lines of "please rep
Whitelist "black holes" (Score:3, Insightful)
Alice sends email to Bob.
Bob's mail server sends a challenge to Alice.
Alice's mail server challenges the challenge and sends a challenge to Bob.
Bob's mail server challenges the challenge of the challenge and sends a challenge to Alice.
Ad infinitum.
How is this resolved without allowing SPAM through the same mechanism?
Re:Whitelist "black holes" (Score:4, Informative)
*shudders when thinking at the vacation-wars*
Re:Whitelist "black holes" (Score:2)
You can also use tagged reply addresses to ensure replies get through, or message IDs, which is more heuristic.
People curious about whitelist systems may find the TMDA FAQ helpful. This specific question is discussed in this entry [tmda.net].
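An added example, not part of any post here and not TMDA's code: tagged envelope-sender addresses in Python, showing how the Alice/Bob challenge loop above terminates and how the forged-sender bounces described under "The bounce problem" can be told apart from bounces of mail that was really sent. The tag format, the key, the Mailbox class, the action names and all addresses are assumptions constructed for the illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: a secret known only to our mail server
MAX_AGE_DAYS = 7                   # assumption: how long a tag stays valid


def _mac(local, domain, day):
    # Keyed hash over the plain address and the day the mail was sent.
    msg = f"{local}@{domain}:{day}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:12]


def tag_address(address, now):
    """alice@example.org -> alice+<day>-<mac>@example.org (hypothetical format)."""
    local, domain = address.lower().rsplit("@", 1)
    day = int(now // 86400)
    return f"{local}+{day}-{_mac(local, domain, day)}@{domain}"


def check_tag(address, now):
    """Return the untagged address if the tag is ours and still fresh, else None."""
    try:
        local_tag, domain = address.lower().rsplit("@", 1)
        local, tag = local_tag.split("+", 1)
        day_text, mac = tag.split("-", 1)
        day = int(day_text)
    except ValueError:                      # untagged, empty or malformed address
        return None
    if not 0 <= int(now // 86400) - day <= MAX_AGE_DAYS:
        return None                         # expired, or dated in the future
    expected = _mac(local, domain, day)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None                         # tag was not issued by this server
    return f"{local}@{domain}"


class Mailbox:
    """Challenge-response policy for one user (hypothetical helper class)."""

    def __init__(self, address):
        self.address = address.lower()
        self.whitelist = set()

    def outbound(self, rcpt, now):
        # Anyone we write to is whitelisted; our envelope sender carries a tag,
        # so any challenge or bounce caused by this mail comes back to it.
        self.whitelist.add(rcpt.lower())
        return tag_address(self.address, now)

    def inbound(self, env_from, env_to, now, auto_submitted=False):
        """Return 'deliver', 'challenge', 'hold' or 'reject'."""
        if check_tag(env_to, now) == self.address:
            return "deliver"    # answer to mail we sent: never challenge it
        if env_from == "":
            return "reject"     # bounce for mail we never sent (forged sender)
        if env_from.lower() in self.whitelist:
            return "deliver"
        if auto_submitted:
            return "hold"       # never answer a robot with another robot message
        return "challenge"
```

Because a challenge is addressed to the original envelope sender, it arrives at a tagged address and is delivered instead of being challenged in turn, which is where the loop stops.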
Re:Whitelist "black holes" (Score:2)
Ecco Ping! Ecco Pong! Ecco Pang!
Image in article (Score:2, Funny)
China is old news for spam. (Score:4, Informative)
The spammer [slashdot.org] I knew has moved to the Philippines. Supposedly it's the next big shelter for these roadhogs. China has a lot of business interest in the US so they are doing what they can to eliminate the problem.
Re:China is old news for spam. (Score:2)
Like putting spammers on the death row and selling their organs afterwards? Sweet. The death penalty is a bit too harsh though. I'd be content with the organs.
Not entirely successful (Score:2, Interesting)
I use Outblaze's mail.com redirection service and almost all the spam that arrives in my work inbox is sent to that address.
At the same time, I've just had to stop using that address as the destination for several perfectly respectable mailing lists on which I lurk because Yahoo Groups keeps suspending delivery because of spurious bounce messages generated by Outblaze.
I'm tending to the opinion that if it was addressed to me, then it should be delivered to me and I'll choose what to do with it.
Re:Not entirely successful (Score:3, Interesting)
This is what I do. I get amazingly little spam in my primary account. I think this is because I do not give out that address lightly. I try to avoid having that address displayed in a public space. And it works for me. I only get maybe 5 spam messages per day, usually less.
I also do not allow javascript to run in my mail client. This prevents spam messages from communicating wit
Spam Cartoon (Score:2, Funny)
http://www.indystar.com/opinion/varvel/2003-03-
Pardon the karma whoring.
$G
Highly objectionable? (Score:2, Interesting)
Not saying I agree with cracked software but it's kind of strange to see it lumped in with bestiality and child porn?
Suresh... (Score:2, Funny)
Caution to all would-be spammers: Suresh is a guns and rifles enthusiast and has a very nice collection of assorted weapons and ammunition. Who knows what he might do to a spammer as a last resort...
How can you be sure it's the same guy? (Score:3, Funny)
Long time spamfighter (Score:5, Interesting)
Suresh is also a regular poster in the newsgroup news.admin.net-abuse.email, a discussion forum about e-mail abuse.
Check his postings from the Google Groups archive [google.com].
Re:Long time spamfighter (Score:2)
Something about the article bothers me.... (Score:3, Interesting)
According to the article, this guy is having to block off a flood of mail from spammers to his system. The way I read the article, this flood is not for Outblaze users, but just for relaying. Why the bleep does his mail server even accept this mail? Any modern sensibly set up mail server should follow a ruleset like:
if (sender is one of my users)
    accept
else if (recipient is one of my users)
    accept
else
    bugger off spammer
endif
Ideally, the mail server would log systems that were trying to send mail that didn't pass that test and tell the router to drop packets from them for a few hours.
Bam! 90% of problem solved.
Having received spams relayed by Outblaze servers, I don't think that's what is happening. I think they are running open mail servers, and trying to keep the spammers from using them.
I could be wrong, but that's how I read the article.
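The ruleset above in Python, as an added example rather than the poster's or Outblaze's code. It assumes "one of my users" on the sending side is decided by SMTP authentication or the client's network, because the MAIL FROM address is whatever the client types, and it includes the temporary block the post suggests; the domains, networks, thresholds and names are constructed.

```python
import ipaddress

LOCAL_DOMAINS = {"example.org"}                         # constructed: domains we host
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # constructed: our own clients
BLOCK_AFTER = 3                                         # relay attempts before a block
BLOCK_SECONDS = 3 * 3600                                # "a few hours"


def final_domain(rcpt_to):
    """Domain the recipient would be delivered to, or None for source routes
    and percent/bang addresses that hide a remote target behind a local domain."""
    addr = rcpt_to.strip("<>")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or addr.startswith("@"):
        return None                      # no domain, or <@relay:user@host> routing
    if any(ch in local for ch in "%!@"):
        return None                      # user%remote@local, host!user@local
    return domain.lower()


class RelayGuard:
    """Accept/reject decision per RCPT TO, with a temporary block list."""

    def __init__(self):
        self.strikes = {}
        self.blocked_until = {}

    def _is_our_user(self, client_ip, authenticated):
        ip = ipaddress.ip_address(client_ip)
        return authenticated or any(ip in net for net in TRUSTED_NETS)

    def decide(self, client_ip, mail_from, rcpt_to, now, authenticated=False):
        """Return 'accept', 'reject' (relaying denied) or 'drop' (blocked)."""
        # mail_from is deliberately not consulted: it proves nothing about
        # who is connected, so it cannot grant relay rights.
        if self.blocked_until.get(client_ip, 0) > now:
            return "drop"
        if self._is_our_user(client_ip, authenticated):
            return "accept"              # our user may send anywhere
        if final_domain(rcpt_to) in LOCAL_DOMAINS:
            return "accept"              # anyone may send to our users
        # Third-party relay attempt: count it and block repeat offenders.
        self.strikes[client_ip] = self.strikes.get(client_ip, 0) + 1
        if self.strikes[client_ip] >= BLOCK_AFTER:
            self.blocked_until[client_ip] = now + BLOCK_SECONDS
            self.strikes[client_ip] = 0
        return "reject"
```

In production the block list would be fed to the firewall or router; here it is only consulted by `decide`.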
Re:Something about the article bothers me.... (Score:3, Interesting)
Don't put words in Suresh's mouth. He said he was trying to deal with a flood of BOUNCES to his system because the spammers FORGED addresses serviced by Outblaze.
Perhaps we should let the dam break (Score:2)
Maybe that's exactly what we need to get the attention of the Governments of the world to get serious about spam. Let the dam break for a couple days all over the world. Don't block anything. When people get thousands of spam
Re:Perhaps we should let the dam break (Score:3, Informative)
I see! (Score:4, Funny)
Which, of course, raises the possibility of dropping "bunker busters" on the offices of spammers. ;-)
I fully support this idea.
Chinese spam (Score:2)
But if I would give a spam score to mails based in content, I would mark as spam all that in the text have mails or websites whose IPs are located inside China.
Re:Translation please... (Score:2, Informative)
It should be Sturmbannfuehrer.
Sturm -> storm
bann is a shortened form of banner, which is the same in English
fuehrer -> leader
--> storm banner leader
bahn is either course or a train running on the course/rail. I'd translate Sturmbahnfuehrer as storm train leader
Roughly speaking... (Score:4, Informative)
/me shudders
Cheers,
Ethelred
Re:Translation please... (Score:2, Informative)
Filling referenced website logs with crap? (Score:5, Interesting)
How do people feel about scripts to fill website logs with crap? Here's mine, quick and dirty, written in about 30 seconds because I was pissed off:
#!/bin/bash
COUNT=0
while [ $COUNT -lt 10000 ]; do
lynx -dump http://www.resumeagencies.com/recruiterspage.asp?
sleep 1
let COUNT=COUNT+1
echo $COUNT
done
Note the fact that I'm calling what I hope is a dynamic page, so with luck, I'm wasting their server's processor time. The script is otherwise, as you can see, completely unrefined.
Legality, anyone? Other problems (despite the obvious fact that I have to waste my bandwidth to fuck with spammers)? Obviously, it's a DoS attack of sorts, but then again, so is an unsolicited e-mail. If they want to challenge me legally on that point, then I will do the same to them. My website very clearly points to the policies which apply to all e-mails sent to my domain.
Re:Filling referenced website logs with crap? (Score:2)
This is only effective where the spammer is offering to send something by surface mail: if they're just taking things to the next stage via email, they can presumably weed out the
Re:Filling referenced website logs with crap? (Score:2)
I've often thought that it would be nice to come up with something which submitted plausible but fake information to the forms on spammers' websites. This would be done slowly so as not to DoS the server, but the steady trickle of nonsense replies would hopefully mean that the spammer couldn't tell the real ones from the fakes.
Well, they're really only going to expect the same things. Name, address, apartment number, daytime telephone, etc. Maybe a script could be written which looks for those prompts
Re:Filling referenced website logs with crap? (Score:2, Interesting)
Maybe, but getting the local postal service on-side can also be a good thing, why not try randomising the "Name" , "Surname" fields, but pick an address you know to be bogus. My favorite is a street in my hometown that only has houses on one side - a sandstone wall on the other, hence only (in this case) even numbers. Just make the postal address (Random ODD number) McRealStreet , State, PostCode, Country. All of a sudden the government owned and run postal service is flooded with garbage that they can't de
Here's a nice one... (Score:2, Interesting)
First, try to convince the server to give you a listing of
Then, turn it into a big list of URLs for pages and images, say "url_file_you_made". Finally, write a shell script to use that for nefarious purposes, like this:
Re:Interesting idea (Score:2, Interesting)
And say a spammer wants to send 10 million emails in a day. At 10 emails/open relay he/she would need to find 1 million open relays which isn't the easiest thing to do.