Web Hosting Talk

Tired, How do you fight spams


wmac
06-08-2001, 07:45 PM
Hello

I am tired of sending emails to network admins around the world.

A spammer from Taiwan is killing me by sending hundreds of spams from different resources from different IPs and ISPs.

Every time an ISP closes mail relaying and access to him, he changes to another ISP and starts using the same spam list.

I even guess they contain some kind of evil script.

How do you fight spams like this?

Regards,
Mac

Dylan
06-08-2001, 08:20 PM
Complain to www.spamhaus.org and try and get the spammer listed in the spamhaus "rokso" database.

They'll chase the spammer and get them nuked until they RIP.

Duster
06-08-2001, 10:32 PM
:uzi: :bomb: are two ways. The only good spammer is a dead spammer!

A lot depends on whether you have your own server or not. Configuring your mail transport program to use the free services provided by MAPS and ORBS can help. You could also block all mail from Taiwan (tw) and China (cn); I've never gotten anything but spam from them.

If switching to a different e-mail address is feasible, do that, and reject all mail to your present one.
Be aware of where addresses are harvested from. Newsgroups and domain registrations are primary targets, though there are others, including web sites.

Every effort you make in prevention of harvesting will be worth it. You won't ever get off that cretin's list. You can either terminate the cretin or terminate your email address. Either one will yield an effective remedy.

You can educate yourself more on various methods at anti-spam sites. There are links on CAUCE http://www.cauce.org that can help, and the newsgroup nanae is a good resource as well. Be sure to check out MAPS at http://mail-abuse.org

Tim Greer
06-09-2001, 04:30 AM
As Duster suggested, if you have some control over your mail server, it can be helpful. Also, if you can get hosted on a provider that offers some effective tools for stopping SPAM by filtering and different rules (again, if you don't have this control yourself), it can be very effective.

These are things you can do to help greatly lessen or completely stop SPAM -- granted you have this access or have a provider that you're hosted on that offers these tools and whatnot.

Firstly, don't use catch all for your email. Plenty of SPAM comes to random addresses, due to so many domains having catch all email addresses.

Also, you can set up certain things such as RBL on your mail server (a feature that checks a resource for known SPAMMER domains or addresses and blocks them). Further, _most_ SPAM (or a high percentage of them) come in the form of not only fake sender addresses, but fake or invalid and irrelevant TO: addresses. Most SPAM are sent out in BCC (blind carbon copy) fields and not the TO field or CC field. Tools like procmail work _very_ well for helping to filter out these type things. Such as not accepting any email, unless it's A: to a valid address (not catch all) and B: it has to be a valid address either in the "To" or "CC" field. This alone will greatly reduce most SPAM.

Another good thing to do, is to have a list of acceptable addresses. I.e., the from and/or reply-to address fields can go through if they match an address on the list you have of good domains or addresses. These can bypass any further filters, etc. and make it easier for friends and whatnot to contact you. The problem is, a lot of people are new senders every day in web hosting and general inquiries of your web site or service. However, since these people aren't known ahead of time, they can't be on the list, so further measures are required, of course.

You can also simply implement a form-mail script on your web site and have that form mail send email to a cryptic or completely unknown address. All emails sent to any other address can automatically be trashed upon arrival after they are bounced back to the sender and/or reply to address saying something like: "Due to a massive amount of SPAM emails, we ask that you please submit emails to us via our form mail form, located at the following URL...."

Procmail and other similar tools are good for filtering and checking for suspicious looking sender/reply-to addresses, as well as key words. Such as "make money fast", "low rates", "largest sex site" or anything that's common of SPAM. Since that list can get rather lengthy, you can filter out some things in the message body as well, such as "this email is not SPAM" and "this email is sent in compliance with the new bill" and parts of text that most email SPAM contain somewhere. You can put anything to flag and move or delete or bounce any email for about any reason. By sender, reply-to, To:, CC: or lack thereof. You can do this in the header, the subject, the email body, etc. Reject emails with HTML might even help -- or rather, at least the ones with the FORM tag in them.

If you are really paranoid or really sick of it, you can take another step and have the email bounce and instruct the sender that you require the sender to put some key word or phrase in the email's subject line or body before their email is accepted. Personally, I think that requiring people to use form mail on your site that sends to a specific email that can't be known, reject any emails that aren't either TO or CC to you (unless they are on your list or trusted senders) -- and have a list of trusted senders, should be pretty effective. These options are fairly simple and work with most email programs that are any good (i.e., Qmail, Sendmail), as long as you install procmail, which allows you to filter and check for many things and use scripts and programs people have already coded that will do these things and simply allow you to add or alter the fields you want and how you want them dealt with.

With the procmail program and some decent rules, forcing people to use form mail and not using catch all addresses, you shouldn't get _any_ SPAM -- unless the SPAMMER goes to your site, but that would be pretty rare and you'd have their IP and other information logged, which is a far cry better than all these people with their SMTP servers wide open. I personally think people should have licenses to run mail servers, so no one can relay through them, as the license would require them to disable relaying abilities, fine and jail SPAMMERS -- not just cancel their $14/mo. account, require a drivers license or real ID check before allowing them to sign up and make them aware of and sign an agreement stating they understand the terms and conditions.

If people can't email without being identified through their ISP upon SPAMMING and be fined and jailed, and face more than having one of their many accounts on an ISP canceled only to SPAM millions more before having the next accounts canceled and so on -- along with other such implementations and rules, SPAM on the Internet would cease to be. However, that's certainly impossible and would only happen in an impossible world (people will never work together on something that large of a scale, it would be impossible to enforce and control and I seriously doubt any such thing would ever be considered to be in effect), so the ideas above may help save the hassle of trying to deal with SPAM and all the annoyances that come along with it. Of course, the biggest help, would be if all the idiots that buy into the SPAM would smarten up and not make these people any money ever again, they'd have no reason to SPAM people in the first place. Of course, that too is just (and more) impossible than the above rant of mine. Therefore, I'd suggest either implementing these things (pretty simple to do) or having your provider do so, or move to one that does and you ought to have very, very few, if even one SPAM, ever again in your Net-life.

MCHost-Marc
06-09-2001, 12:30 PM
I'm getting hit pretty nice with spam the past few days; about 200 (!!) eMails per day with this same message:


[Chinese-language message, garbled by a character-encoding mismatch; it addresses "Tracy Wong", gives the date 2001/06/14, and points to www.pp11.com and advertiser@pp11.com]


Header says: Received: from dima.nic.cc (dima.enic.cc [209.237.73.115])

:( :bawling:

Tim Greer
06-09-2001, 05:26 PM
Yeah, don't you love all those SPAM emails from TW? The ones with not one word of English, when the highest percentage of people getting their SPAM wouldn't have a clue of what it says? You'd think Taiwan SPAMMERs would at least try and SPAM people that could understand it. That's almost as bad as those 75+KB SPAM emails that are 20 pages long and never even try and offer any contact via postal or email or even a phone number for people to use to order the product. Seems a little pointless, other than to waste bandwidth.

JKLIVIN
06-12-2001, 09:29 PM
unfortunately that seems to be the reason they are doing it

raylin
06-13-2001, 01:23 AM
~{GW0.5D~}Tracy Wong~{OHIz~}/~{P!=c#:~}

~{>4GkAtRb#,9s9+K>KyOmSC5D~}[~{HK2EQ!Ed~}]~{7~Nq#,=+l6~}2001/06/14~{VUV9!#~}

~{Hg9s9+K>O#M!ult;LPx2i?4GsV0U_5DBD@z#,GkRTNRCGKy4+Uf5DC\Bk#,=xHkP\C(OM2EMx~}www.pp11.com~{V.~}[~{Gs2E;y5X~}]~{#,J9SC~}[~{>+S"KQ2iO_~}]~{7~Nq!#~}

~{2iQ/OjGi#,;6S-5gSJVA~}advertiser@pp11.com~{SkNRCGA*Bg!#~}




~{P\C(OM2E=wIO~}




This message is in Simplified Chinese (mainly used in China). It notifies you that you will not be able to receive their free service (job search) any more after 2001/06/14.

Congratulations! :D :D :D

wmac
06-13-2001, 09:26 AM
Hello

Some of these TW Spams (TWS: TaiWanian Spams) contain automatic running scripts that may harm your computer.

Sometimes the script does not come with the email but loads when you want to see it (not even opening attachments).

So I suggest you delete it as soon as possible without letting it download scripts from the net.

Alternatively, you can delete it when you are offline.

(Outlook starts browsing the email as soon as you click or right click on its subject)


Regards,
mac

Tim Greer
06-14-2001, 04:39 AM
This is why I used Netscape (with JavaScript disabled) or another mail client, other than something like Outlook Express or whatever. I've been forced to use Outlook due to so many email addresses I have to check and send from -- with different sender/reply-to and signatures. I got an email the other day (SPAM, of course) and every time I tried to highlight it to delete the thing (before I read it, you can tell it's SPAM by the subject), it locked up Outlook.

I finally had to start deleting about one or two emails above it fast enough for it to not open (I tried configuring the read time to a few seconds, but that didn't help), and just went into the trash folder and copied the emails I wanted to keep back into the inbox -- then I just emptied it. I had no idea what was in it, but I do have my Outlook client to not launch or use any scripts -- but that didn't do any good. What a pile of junk! This is why I can't stand Outlook, you have no control. Looks like I'll have to just keep booting into a Unix variant instead of Windows (so I can check and reply to all these emails properly without a hassle).

9kdnet
06-14-2001, 08:09 AM
Why do some people spam? Do they enjoy doing it?
What's their problem? :mad:

creepcolony
06-14-2001, 09:35 AM
hmm...i don't get much spam...maybe it's aol? :P

Duster
06-14-2001, 02:21 PM
Originally posted by 9kdnet
Why do some people spam? Do they enjoy doing it?
What's their problem?
A very few small, reputable companies and business owners are duped by spammers and focus on the technology. They believe the lies about bulk e-mail advertising being a great way to advertise because it is cheap. The cheap part is true, the great way part is not. Some get duped by spammers who claim to offer opt in lists. They don't. If an "e-mail marketing company" offers a choice of opt-in lists or something else, they are spammers. They just charge more for the phony opt in list.

There are a few genuine e-mail marketers. They use only verified (by the recipient) opt in lists.

Most spammers can be judged by the messages they send out. Illegal schemes, chain letters, pump and dump junk stock schemes, etc. These are people who care nothing for others and only care about finding a few morons dumber than they are to send them money.

Another group are people with a tad more intelligence who share the same lack of consideration for others. Like all spammers, all they care about is distributing their message in hopes somebody will bite. Your desires not to receive information you did not request do not matter to them at all. This includes Network Solutions, Pizza Hut, and hundreds of others. Also included is Sam Khuri, who flagrantly defies at least two court orders to refrain from sending unsolicited bulk e-mail. He is the owner of Benchmark Printer Supply in Atlanta Georgia. If you've gotten spam about laser printer toner, complete with a toll free number for removals, it was from him.

He does serve as a perfect example of why all the proposed federal legislation to allow spamming as long as removal instructions are included will not work. If we are to ever have a federal law about spam, it must make it illegal to send it the first time.

To state the answer to your question concisely, people spam because they are slugs and slime with no consideration for others.

klisis
06-14-2001, 02:29 PM
Why do you even read Spams? I just throw them into trash can. I think it gives more headache by thinking of Spam.

Mike the newbie
06-14-2001, 03:05 PM
Originally posted by Tim_Greer
This is why I used Netscape (with JavaScript disabled) or another mail client, other than something like Outlook Express or whatever. I've been forced to use Outlook due to so many email addresses I have to check and send from -- with different sender/reply-to and signatures.


Check out Calypso (www.calypsoemail.com). It is more reliable than Outlook and has the multiple address features you mentioned above.

No one should be forced to use Outlook...

Duster
06-14-2001, 03:32 PM
Originally posted by klisis
Why do you even read Spams? I just throw them into trash can. I think it gives more headache by thinking of Spam.
Many of us don't read them, other than the headers. That lets us get them cancelled, blocked and otherwise terminated so we don't get any more from the same source.

Just hitting delete, what many spammers advocate, does nothing to solve the problem. That's your prerogative. Some of us, however, enjoy pouring salt on these slugs and making sure they don't infect any one else's garden.

"The spam wars are about rendering email useless for unsolicited advertising before unsolicited advertising renders email useless for communication."(Walter Dnes/Jeff Wynn)


"Anti-spammers are the immune system of the Internet." (CDR M. Dobson)

klisis
06-14-2001, 04:36 PM
Originally posted by Duster

Many of us don't read them, other than the headers. That lets us get them cancelled, blocked and otherwise terminated so we don't get any more from the same source.

Just hitting delete, what many spammers advocate, does nothing to solve the problem. That's your prerogative. Some of us, however, enjoy pouring salt on these slugs and making sure they don't infect any one else's garden.

"The spam wars are about rendering email useless for unsolicited advertising before unsolicited advertising renders email useless for communication."(Walter Dnes/Jeff Wynn)


"Anti-spammers are the immune system of the Internet." (CDR M. Dobson)

lol, I remember someone saying this "Duster is always right and others are wrong." Whoever said that, well said. :blush:

Duster
06-14-2001, 05:14 PM
Beware of people who use absolutes like always and never.

Tim Greer
06-14-2001, 06:36 PM
Originally posted by Duster
Beware of people who use absolutes like always and never.

So, should we only beware of such people _sometimes_ then?

[ I couldn't help it! *l* ]

Tim Greer
06-14-2001, 06:37 PM
Originally posted by Mike the newbie



Check out Calypso (www.calypsoemail.com). It is more reliable than Outlook and has the multiple address features you mentioned above.

No one should be forced to use Outlook...

Thank you very much! I'll look into it.

Duster
06-14-2001, 08:52 PM
Originally posted by Tim_Greer


So, should we only beware of such people _sometimes_ then?

[ I couldn't help it! *l* ]

Always beware of people who sometimes use absolutes, as even they never use them all the time. :D

Get-Hosted.com
06-14-2001, 09:49 PM
I happen to like Outlook Express, it's a good easy program. One problem I have with it is it should run in the background without being in my menu and check for email in the time-frame I specify. As of now, I have to keep it open to do this. A list of Very Good mail programs would be nice though... anyone know how to export email out of Outlook Express, that's my only other problem.

Lonny
06-14-2001, 09:58 PM
Don't fight it, just accept it as another sad fact of life :(


heheh... every time I reply to one of those messages, I get 100 more...

so basically they are not advertising anything. just sending messages most of the time..

you know.. all those make a million dollar working from home opportunities.



heheh

alpha
06-14-2001, 10:16 PM
i've been always wondering, where did the name SPAM come from? i knew what SPAM was and use it all the time to show my hatred for the concept... but never understood how the name came about...

Duster
06-14-2001, 10:43 PM
It originated from a Monty Python sketch in which a bunch of Vikings kept chanting "spam" over and over at a restaurant and drowned out normal conversation.

alpha
06-14-2001, 10:54 PM
well, did they get the spam? :D

i've never watched any of the monty python movies... except the search for the holy grail... those movies surely have humor down pat ;)

tubedogg
06-20-2001, 06:23 AM
Originally posted by Tim_Greer
Such as not accepting any email, unless it's A: to a valid address (not catch all) and B: it has to be a valid address either in the "To" or "CC" field.
While I don't disagree that many spammers use the BCC field, I think it's reprehensible to block email that happens to have your name in the BCC instead of To, especially if it is server-wide on a web hosts' server or the like. The reason is if I send email to 10 people, why does each person need to know the address of the other 9? If I need to send a message that is the exact same to 10 or even 100 people (such as running a webhost status list), no one on that list is going to be happy with me if I send all the addresses in the To or CC fields for everyone else to see.

Duster
06-20-2001, 02:03 PM
Read it again, tubedogg. You completely misunderstood what was said.

markymark
06-20-2001, 05:01 PM
How did the name spam come about ? Forgive the history lesson if the US actually has spam, but spam is, as every Englishman knows, chopped pork and ham. After the war when we had rationing, one of the few commonly available and affordable meat products was a tinned chopped pork and ham product called Spam. It was one of the few meat based products that everyone could afford and was available everywhere.

The Monty Python sketch is referring to this godawful concoction. I guess the name in reference to email came from the Monty Python sketch, but Spam is (yes, you can still buy it !!) a cheap, commonly available meat product.

Lesson over.

Mark

Tim Greer
06-20-2001, 07:03 PM
Originally posted by tubedogg
While I don't disagree that many spammers use the BCC field, I think it's reprehensible to block email that happens to have your name in the BCC instead of To, especially if it is server-wide on a web hosts' server or the like. The reason is if I send email to 10 people, why does each person need to know the address of the other 9? If I need to send a message that is the exact same to 10 or even 100 people (such as running a webhost status list), no one on that list is going to be happy with me if I send all the addresses in the To or CC fields for everyone else to see.

Most people don't get emailed via BCC from anyone other than SPAMMERs. Of course, there's always those that get them from their host, friends, family, coworkers, etc. You simply have a local (or global) list of acceptable addresses. If it's from a user @themainhostaddress.com, or a specific user (the administrator), then it's accepted and bypasses that filter. If you have a problem later on with someone faking an accepted address or something, you can just put in something to verify it was from its true source. SPAMMERs will make it look like it's coming from your host's address sometimes, but I've never seen a SPAMMER actually go through the trouble of putting in some passphrase *which can be stripped out via the filters checking the email*, or something else. Also, you can make it so it only accepts BCC emails from certain IPs and address combinations. This is a very simple thing to do by using some Procmail rules, or to have a script (i.e., Perl) filter the email and react accordingly -- which can be done via procmail as well, or Qmail or Sendmail's alias directives... among other variations.
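
The filter rules Tim Greer describes in his posts in this thread (no catch-all, the recipient must appear in To or Cc, a trusted-sender list that bypasses the other checks, phrase and FORM-tag matching), sketched here as an added example; it is not code from any poster, and it uses Python rather than the procmail or Perl the posts mention. All addresses, domains and sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Every address, domain and message here is constructed for illustration.
VALID_RCPTS = {"mac@example.com"}                    # real mailboxes only, no catch-all
TRUSTED = {"@myhost.example", "friend@example.net"}  # whole domains or single senders
SPAM_PHRASES = ("make money fast", "low rates", "largest sex site",
                "this email is not spam",
                "this email is sent in compliance with the new bill")
FORM_TAG = re.compile(r"<\s*form\b", re.IGNORECASE)


def header_addrs(msg, *names):
    """Lower-cased addresses found in the named headers."""
    values = [str(v) for n in names for v in msg.get_all(n, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def is_trusted(addr):
    """Match a full address or its @domain against the trusted list."""
    return addr in TRUSTED or addr[addr.rfind("@"):] in TRUSTED


def text_of(msg):
    """Subject plus every text/* part, decoded leniently."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            chunks.append((part.get_payload(decode=True) or b"").decode("latin-1"))
    return "\n".join(chunks)


def classify(raw, envelope_rcpt):
    """Return (action, reason) for one message delivered to envelope_rcpt."""
    msg = message_from_string(raw)
    rcpt = envelope_rcpt.lower()
    if rcpt not in VALID_RCPTS:
        return "reject", "unknown recipient"
    # From/Reply-To are forgeable, so this bypass is only as strong as the list.
    if any(is_trusted(a) for a in header_addrs(msg, "From", "Reply-To")):
        return "accept", "trusted sender"
    if rcpt not in header_addrs(msg, "To", "Cc"):
        return "reject", "recipient not in To/Cc"
    text = text_of(msg)
    for phrase in SPAM_PHRASES:
        if phrase in text.lower():
            return "reject", "phrase: " + phrase
    if FORM_TAG.search(text):
        return "reject", "HTML form"
    return "accept", "passed all rules"


def sample(sender, to, subject, body):
    return f"From: {sender}\nTo: {to}\nSubject: {subject}\n\n{body}\n"


ME = "mac@example.com"
SAMPLES = {  # name -> (raw message, envelope recipient)
    "catch_all": (sample("a@bulk.example", "sales123@example.com", "Hi", "x"),
                  "sales123@example.com"),
    "bcc_spam": (sample("a@bulk.example", "friend@other.example", "Hi", "x"), ME),
    "host_bcc": (sample("status@myhost.example", "undisclosed-recipients:;",
                        "Maintenance window", "Server reboot at 02:00"), ME),
    "phrase": (sample("a@bulk.example", ME, "MAKE MONEY FAST", "x"), ME),
    "form": (sample("a@bulk.example", ME, "Survey", "<FORM action='x'>"), ME),
    "ham": (sample("new@isp.example", ME, "Hosting question", "Do you offer PHP?"), ME),
}

if __name__ == "__main__":
    for name, (raw, rcpt) in SAMPLES.items():
        print(name, classify(raw, rcpt))
```

The trusted-sender check runs before the To/Cc check, which is what lets a BCC'd status mail from the host through while the BCC'd bulk message is rejected.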

tubedogg
06-21-2001, 05:39 AM
That's all fine and completely true. My point was that applying that type of restriction on a system-wide level when the server is a web host or ISP is despicable especially if you don't let your customers know about it ahead of time (e.g. before they purchase your service). 99.9% of people on shared hosts aren't going to be able to change their servers' settings, let alone mess with something like this.

Tox
06-21-2001, 08:13 AM
Last Saturday I received 12626 copies of the same mail. All programs I know of that can login to a mail server and mass delete failed because they timed out every time because of the large number of mails.

It ended up with that I placed a rule so each mail was deleted when it was downloaded to my computer. My computer was just getting the mail during the night while I went to sleep. This incident was quite annoying :mad:

Tim Greer
06-21-2001, 05:34 PM
Originally posted by tubedogg
That's all fine and completely true. My point was that applying that type of restriction on a system-wide level when the server is a web host or ISP is despicable especially if you don't let your customers know about it ahead of time (e.g. before they purchase your service). 99.9% of people on shared hosts aren't going to be able to change their servers' settings, let alone mess with something like this.

Who said it would be implemented as a system wide feature, especially without telling anyone, let alone, giving them the choice? This was about stopping SPAM for yourself, not stopping SPAM for everyone on the system without giving them the choice. Certainly, it would be stupid to implement such a thing on a server and not give the hosted clients (or account holders on an ISP) the choice. However, you can offer them the choice. 99% of the people on shared hosts actually might be able to change their own settings. It doesn't need to be system wide. I only gave an example of what you can do, in regards to your last comment. I actually didn't think about what you meant, just offered a reasonable solution.

So, no, I don't suggest forcing it on people or not letting them know if you did offer such a thing -- of course, by default, you wouldn't do this without telling them. Most users could install this, or have it installed for them or everyone system wide, yes, and then simply allow them to set their own rules and leave it up to them. Plenty of people can also install a tool like procmail on their own account, as there's no need to be root or install it system wide either. I agree that people shouldn't have a SPAM filter on people's accounts without that client knowing and agreeing, but that's just a feature you can offer them, if they want it -- is all I meant. However, I suppose that's a good point to make if a web host was reading this thread and didn't consider that aspect. Cheers.