Results 1 to 27 of 27
  1. #1

    Angry We need more aggressive stance against SPAM

    They way we deal with spam now is way too mild. We do filtering and account reporting but admittingly, it doesn't work well.

    Problems
    1. Filtering on non english spam doesn't work too well.
    2. Account reporting oftens gets an automated reply that the account will be investigated. Annoying more unnecessary emails!
    3. The emails are often faked anyway.

    We need to get to the root of the problem, the origin of spam. These people are trying to sell us something (that's what spam is). I'm suggesting that instead of blacklisting like SpamCop and the like, we hit the spammers right back in their face. SPAM, DOS, flood etc., you name it.

    Make them unable to conduct their spam biz, give them a taste of their own medication.

  2. #2
    Join Date
    Nov 2000
    Location
    Vancouver, BC
    Posts
    283
    i hate spam... but i don't think that's really the best way to go about it really... the bottom line for them is money. the fact that *someone* out there is buying whatever they're selling is giving them reason to continue.. the only "true" answer to to really get to the root of the problem, and educate people. if no one bought from them they'd move on to bigger and better things (like log referral spamming.. *sigh*).

    spammers can setup shop like that. the only way to stop them is to remove their business. unfortunately, with the amount of people who seem willing to support their business model i don't see this ever really going away...

  3. #3
    Join Date
    Jun 2000
    Location
    Alabama of course
    Posts
    1,576
    Sureeeeee


    Lets all just go off and dos attack one of uunets T3's that has a spammer on it... yah thats it! And then then we can all pretend like nothing happend when we knock off thousands of websites from the internet for a few hours just to get one spammer! Yah Awsome man!! But ummm why are there blue lights outside of my house and whats this guy... he says he's from the FBI...

    Sureeeeeeeee your plan will really work!
    KnownHost Managed VPS Specialists
    Fully Managed VPS, Hybrid,and Dedicated Servers
    KnownHost is hiring! Click here for more information!

  4. #4
    Join Date
    Mar 2002
    Posts
    1,003
    .

  5. #5
    Join Date
    Sep 2002
    Posts
    900
    You do realize that what you plan on doing is illegal?

    Continue using SpamCop, I really don't think spamming will ever end.

  6. #6
    Originally posted by DanielP
    Sureeeeee


    Lets all just go off and dos attack one of uunets T3's that has a spammer on it... yah thats it! And then then we can all pretend like nothing happend when we knock off thousands of websites from the internet for a few hours just to get one spammer! Yah Awsome man!! But ummm why are there blue lights outside of my house and whats this guy... he says he's from the FBI...

    Sureeeeeeeee your plan will really work!
    Not really just DOS attacks. Spammers are using forged emails mostly anyway. Hit their sites, their phone lines, their revenue generator. Sure we chuck up huge bandwidth but it's a one shot thing. The spammer will hopefully get the hint or be put out of biz.

    We have to fight violence with violence. Like you don't see policeman just talking to criminials nicely. Anti spam laws are probably never gonna be up anyway.

    I have a friend working in a company who buys CDs of emails and contacts and sends out advertisements on their service. (ie spamming). Imagine if many companies are doing that.

  7. #7
    Join Date
    Oct 2002
    Posts
    122
    Don't fight abuse with abuse. Are you prepared to get disconnected and possibly serve jail time?

    My suggestion is to use blocklists like the SBL and SPEWS. The combined pressure of many people using these blocklists is getting providers to boot spammers. If you look at the big picture, you can see spammers starting to aggregate, and spam unfriendly versus spam friendly sides of the net are forming. As more and more economic pressure is brought to bear on the spam friendly side, more and more of them boot their spammers and join the spam unfriendly side. You have the power to effect change. Use it.

  8. #8
    Join Date
    May 2002
    Location
    UK
    Posts
    2,994
    I think people just need educating. If people stopped buying stuff from SPAM then you've cut off the reason they spam in the first place.

  9. #9
    Join Date
    Oct 2002
    Posts
    122
    Yah, but you're talking about educating people who have the level of intelligence that they buy penis enlargement creams or pills.

  10. #10
    Plus don't forget the whole open relay problem. Lots of spam isn't just on forged headers, it's being forwarded through compromised mail servers.

    As for SPEWS, I consider them more of a problem than a solution. Last time I looked (please advise if this has changed) they would blacklist entire IP blocks, did not consider domain, had no appeals process, no official responsible contacts, and no whitelist. This is not a very effective way to build proper use of the internet--it's just lashing out at spammers, regardless of the innocent bystanders they take down with them.

    Personally, I like hearing about successful lawsuits against spammers--hit 'em where it hurts!

    Ann

  11. #11
    Join Date
    Jun 2000
    Location
    Alabama of course
    Posts
    1,576
    imtrobin... if you couldn't see how sarcastic I was being then you need a new brain... your ideas are outlandish and unrealistic and will easily land you in jail or court.
    KnownHost Managed VPS Specialists
    Fully Managed VPS, Hybrid,and Dedicated Servers
    KnownHost is hiring! Click here for more information!

  12. #12
    Blacklists? Where's that "vomiting" icon...
    I thank my Lord for all His wonderful blessings.

  13. #13
    Join Date
    Nov 2001
    Location
    The Netherlands
    Posts
    29
    It's probably better to get the 'n00bs' detecting spam and not read or click or whatever but just delete the mail. When spammails get more and more ineffective, it will be less interesting to spam for the spammer.

    However, i'm sure if the whole world know how to detect and delete the spammail, the spammers will comeup with something new.
    i don't speak english... i really dont

  14. #14
    Originally posted by DanielP
    imtrobin... if you couldn't see how sarcastic I was being then you need a new brain... your ideas are outlandish and unrealistic and will easily land you in jail or court.
    No, I need a new spam combat policy. Face it, lawsuits against spam are almost never gonna work across international borders.

    I'm talking about hitting the spammers where it hurts - their revenue generator. Of cos, I don't intend to be the one doing the nuke, I'm thinking of some official support from the industry.

  15. #15
    Join Date
    Nov 2001
    Location
    Ann Arbor, MI
    Posts
    2,978
    Spammers are already so fly-by-night, going from one server to the next every day, that I highly doubt that they would even notice if you tried a DOS attack against the place they were for that day.

    You'd just be hurting the poor person who was already the spammer's last victim. Some poor administrator who has been taken advantage of and who is trying to deal with hundreds of spam complaints.
    -Mark Adams
    www.bitserve.com - Secure Michigan web hosting for your business.
    Only host still offering a full money back uptime guarantee and prorated refunds.
    Offering advanced server management and security incident response!

  16. #16
    Not just their severs, their phones, their biz contact..

  17. #17
    Join Date
    Oct 2002
    Posts
    122
    Originally posted by questing
    As for SPEWS, I consider them more of a problem than a solution. Last time I looked (please advise if this has changed) they would blacklist entire IP blocks, did not consider domain, had no appeals process, no official responsible contacts, and no whitelist. This is not a very effective way to build proper use of the internet--it's just lashing out at spammers, regardless of the innocent bystanders they take down with them.
    SPEWS does list entire IP blocks, but not just willy nilly. If a provider signs up a hardcore spammer that easy checking would have revealed as a spammer, SPEWS will likely block the entire /24 that the spammer is known to inhabit, because there is usually no good way to tell just how many IP's the spammer has. The PEW in SPEWS stands for "prevention and early warning".

    With a spammer who is not a well-known spammer, SPEWS will list the single IP the spammer inhabits upon receiving a spam to one of their spamtraps, and a complaint will be sent to abuse@ the apparent provider. The complaint will not identify the complainer as SPEWS. If the provider does not respond and the spammer remains, the block is usually expanded to a /24. If the provider already has spammers or has a bad history, the initial block will likely be larger and any escalations will happen faster.

    There is a way to appeal if there is an error (which has happened a few times). Errors have been fixed very quickly. But it is important to understand that SPEWS is targeting the provider, not the individual IP's. If you don't have your own IP space, you are merely renting from your "landlord" and the IP's are not really yours. Many people use SPEWS because the targeted "block only the spammer" method has been shown not to work. I can't tell you how many providers have come into NANAE pleading to be unblocked because they have "innocent" customers being blocked, and they admit that they never would have booted the spammer if only the spammer was blocked. They never had to let their "innocent" customers get hurt in the first place if they had just booted the spammer in the first place. There are many providers that never get escalated because they have taken measures to ensure they boot spammers very quickly. That is a customer service issue, and it needs to be evaluated by customers along with every other detail of service that a provider offers.

    Whitelists are left up to the individual admins using SPEWS. Certainly it would be a mistake to use SPEWS without whitelisting addresses that you expect to receive critical email from.

    SPEWS has demonstrated that it is responsive using the system remaining in place. Once all vestiges of spammers are gone (and some providers have problems realizing this means *everything*), delisting usually follows within 24 hours. The only purpose to having visible responsible people would be to open themselves to SLAPP lawsuits.

  18. #18
    Join Date
    Oct 2002
    Location
    Port Chester, NY
    Posts
    15
    Originally posted by hostpath.com
    Blacklists? Where's that "vomiting" icon...
    Aren't you the guy who in another thread said that you had a way to stop spam that was better than a blacklist and 100% effective?

    =mazz=

  19. #19
    Join Date
    Sep 2002
    Location
    Mansfield
    Posts
    314
    Trif,
    If you're going to cloud the issue with facts how can we have a mindless screamfest about SPEWS? <g>

    The fact is that SPEWS works.It puts pressure where it needs to be - on the provider supplying the IP space and bandwidth.

    Don't buy from blacklisted providers.
    GUI admin tools have no honor. It is a good day to vi.

  20. #20
    Join Date
    Dec 2001
    Location
    Miami, FL
    Posts
    15
    Hi,

    I have a suggestion for email spam filtering.

    Bayesian Filter

    Here is the details on how it works
    http://www.paulgraham.com/spam.html

    Here is a perl script
    http://popfile.sourceforge.net/

    Here is another
    http://www.garyarnold.com/projects.php#bayespam

    And look at apple!
    http://www.apple.com/macosx/jaguar/mail.html

    These filters are better than the current filters out there.

    Hope this helps.

    -Frank
    Innovativecreations.com
    Unix based hosting.

  21. #21
    Join Date
    Nov 2001
    Location
    Ann Arbor, MI
    Posts
    2,978
    Originally posted by fmadison
    These filters are better than the current filters out there.
    -Mark Adams
    www.bitserve.com - Secure Michigan web hosting for your business.
    Only host still offering a full money back uptime guarantee and prorated refunds.
    Offering advanced server management and security incident response!

  22. #22
    Filters doesn't work well. Spam do get by undetected and there are false positives before. I still end up checking the mail in the spam box to make sure the filter don't make a mistake. It happened before.

  23. #23
    Join Date
    Jun 2000
    Location
    Washington, USA
    Posts
    5,991
    Don't be surprised that if you DOS, or Flood someones network, that the upstream, or another user of that network has an investigation done. 99% of spammers, don't have their own private network connectivity, therefore you're just going to piss off other people.

  24. #24
    Join Date
    Oct 2002
    Posts
    290
    Seems to me that there are only a few types of spammers,

    noobs: got his website and is going to make millions.

    misguided: has a website and actually believes that spam will draw traffic.

    Scammers: Looking for the above to take thier money for mass spam attacks.

    Best solution in my own opinion is consumer education. If you can teach the first 2 types the facts, Type 3 will find themselves out of work for the most part.



    I personally run spamkiller and draw about a 2% false positives, and these are only because I have just about eliminated all the free email services (hotmail, yahoo. etc.)

  25. #25
    Join Date
    Oct 2002
    Location
    Maryland
    Posts
    89
    There are many types of spammers and the post above forgot the Mainsleezers..

    Mainsleeze are the well known kicked off multiple ISPs and setup new company names to get new connectivity from new downstreams and webhosts only to continue their spam runs check out the ROKSO (Registry Of Known Spam Operations) On www.spamhaus.org all of those guys have been terminated from atleast 3 ISPs to be listed...

  26. #26
    Join Date
    Oct 2002
    Posts
    122
    Actually, the ROKSO guys are what are known as chickenboners. They typically abuse open relays, proxies, and formmails. They outright harvest email addresses from anyplace they can get them, and don't try to pretend they are anything but spammers. Attempting to use their "remove links" either doesn't work, or just gets the victim more spam as the address is sold as "guaranteed live". They occasionally manage to look legit enough to sell a harvested list to a mainsleezer while claiming it is "opt in".

    Mainsleeze are the guys who wear suits, have office space, a nice smile, tell you they have "X million opt-in addresses" and practice "permission based marketing", and that you signed up at a "marketing partner" and must have "forgotten you signed up." Their email addresses come primarily from unconfirmed sign ups, which frequently hide the fact that you will get spammed by entering an email address, and they buy and sell and swap lists with each other (the "marketing partners" bit), and sometimes end up buying a harvested list from a chickenboner.

  27. #27
    Join Date
    Sep 2002
    Location
    Mansfield
    Posts
    314
    It's these guys that need to be stopped. I had to break the RFC and blackhole every peice of mail with *greatfamily* in it for the last 2 weeks. The DNSBL bounces were killing the servers, and the slimeballs were moving so fast they couldn't keep up anyway.
    Mind you, these are (4) PIII dual 450's w/ 1GB doing nothing but mail and some DNS.
    I grab about 60-70K peices of spam per day and tag another 2-3K w/ spamassassin. This is absolutley insane, and way over what it was even a year ago.

    Here's the scary part - I'm not a retail hosting company. Wholesale dial, dedicated, colo,bandwidth, and consulting.

    Tell me again to "just hit the delete key"

    Pendragon

    "GUI admin tools have no HONOR. It is a good day to vi."
    GUI admin tools have no honor. It is a good day to vi.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •