A Day In The Life Of A Spammer 313

kaip writes "Internetnews.com has a story of a spammer. The individual sends 60 million spam emails for four days worth of work and claims that one in 19 of AOL users clicks the links in his mortgage spam (this number should however be taken with a grain of salt, see rules 1 and 2). Maybe not everybody has heard of the Boulder Pledge... The article also tells how the CAN-SPAM Act, which legalises spamming, is turning the US into the spam haven of the world. Currently, 86 percent of the total spam volume is coming from the States."
This discussion has been archived. No new comments can be posted.

  • by Numen ( 244707 ) on Saturday August 21, 2004 @12:04PM (#10032583)
    I think MS might have been onto something with Penny Black... if sending unsolicited e-mail (sending to an address that didn't have you on their contact sheet) cost a small micro-payment, it would quickly offset any profits to be made from spamming on the scale described in the article, and wouldn't be prohibitive to those who needed to send the occasional unsolicited e-mail.

    It's either that or get into the murky waters of concrete identity, and of the two the former is the least oppressive regime.
  • by Anonymous Coward on Saturday August 21, 2004 @12:09PM (#10032612)
    sgalton@galtonhelm.com

    happy now?
  • My spamproofing (Score:5, Informative)

    by Clueless Moron ( 548336 ) on Saturday August 21, 2004 @12:12PM (#10032631)
    I use postfix, but sendmail can do the same:
    1. reject_unknown_client is on. This means that a connecting client MUST have a reverse-dns lookup for its IP, and the resulting name MUST resolve back into that IP. This alone blocks most spammers before their client can even begin to send a message.
    2. I use xbl.spamhaus.org. This is a wonderful thing. This blocks not only any box known to spam, but also any box found to be infested by some virus, i.e. zombies. Once again, this stops them dead before the message even starts.
    3. In the unlikely event that they get past those hurdles, I have a homebrewed filter that watches for bogus HTML tags, since they like to intersperse bogus empty tags in the middle of words in order to foil content-based filters. This simple filter actually blocks 90% of anything that made it that far.
    4. Spamassassin. The few brave soldiers of spam that got this far rarely pass this. I leave this filter near the end because it's rather CPU intensive...
    5. Finally, a simple procmail rule: If my name isn't in the "To:" or "Cc:" line, file it as spam.
    I haven't seen a spam message in, uh, maybe a year or two?
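An added illustration of the third step in the comment above (it is not Clueless Moron's filter, which the comment does not show): a Python check that flags comments, unknown tags and empty elements wedged between two letters of a word. The tag allow-list, function names, threshold and sample bodies are assumptions constructed for this example.

```python
import re

# Assumed allow-list of tags legitimate HTML mail uses; anything else is "unknown".
KNOWN_TAGS = {"a", "b", "i", "u", "p", "br", "em", "strong", "span", "div",
              "font", "img", "table", "tr", "td", "ul", "ol", "li", "center"}
ANY_TAG = re.compile(r"<[^<>]*>")
# One or more tags/comments sitting directly between two letters: "mort<x>gage".
MIDWORD_RUN = re.compile(r"(?<=[A-Za-z])((?:<[^<>]*>)+)(?=[A-Za-z])")
TAG_NAME = re.compile(r"</?\s*([A-Za-z][A-Za-z0-9]*)")

def _reason(run):
    """Why a mid-word tag run looks like filter evasion, or None if it does not."""
    names = []
    for tag in ANY_TAG.findall(run):
        if tag.startswith("<!"):
            return "comment inside word"
        m = TAG_NAME.match(tag)
        if not m or m.group(1).lower() not in KNOWN_TAGS:
            return "unknown tag inside word"
        names.append((tag.startswith("</"), m.group(1).lower()))
    # Only known tags: still bogus if an element opens and closes around nothing.
    for (closing1, n1), (closing2, n2) in zip(names, names[1:]):
        if not closing1 and closing2 and n1 == n2:
            return "empty element inside word"
    return None

def bogus_tag_hits(html):
    """Return (tag_run, reason) for every suspicious run that splits a word."""
    hits = []
    for m in MIDWORD_RUN.finditer(html):
        reason = _reason(m.group(1))
        if reason:
            hits.append((m.group(1), reason))
    return hits

def looks_like_spam(html, threshold=2):
    """Assumed policy: two or more split words is enough to file the message."""
    return len(bogus_tag_hits(html)) >= threshold

# Constructed sample bodies (not taken from real mail).
SPAM_BODY = "Low mort<!-- k3 -->gage ra<xq>tes, re<b></b>finance today"
HAM_BODY = '<p>This is un<b>believ</b>able, see <a href="http://example.com/">here</a>.</p>'

if __name__ == "__main__":
    for body in (SPAM_BODY, HAM_BODY):
        print(looks_like_spam(body), bogus_tag_hits(body))
```

Ordinary inline markup such as `un<b>believ</b>able` is not flagged, because the tags there enclose text rather than sitting empty inside the word.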
  • Opt in lists (Score:4, Informative)

    by mdfst13 ( 664665 ) on Saturday August 21, 2004 @12:37PM (#10032755)
    "the simple situation is that I don't need _any_ advertising through email"

    That's a bit draconian. I would like to be notified when Blizzard is releasing a new game or the new Glen Cook book is being released. To get this info from the web sites, I would have to poll (check regularly) the web sites. I would rather receive a notification.

    The key to this is opt in only lists. One way to do this is to make a server with your email provider that allows you to register an email as requested (bulk mail whitelist). Those can go through. Other bulk mail is prevented. There are other methods as well; that is just one example to handle both.

    The real key is no *unsolicited* email advertising. If I request it, I want to be able to see it. Frankly, if a newspaper (to get back to that example) drops off their product unrequested, I would like to be able to prosecute them for littering. Further, a newspaper includes other things besides advertising. Spam does not.
  • Holy crap... (Score:4, Informative)

    by Saint Aardvark ( 159009 ) * on Saturday August 21, 2004 @12:37PM (#10032756) Homepage Journal
    Take a look at http://www.specialham.com/ [specialham.com]. I had no idea spammers were being this open. For example, check this message [specialham.com]:

    Anyone interested in an undetected socks 4 bot for computers that you have access to? Completely undetected and self-spreads via unique methods.

    -Executable for sale only (no source)
    -Updates
    -CGI/PHP notification
    -Random Ports or user defined port.
    -EXE only

    aim: ofno
    "self-spreads via unique methods": Hello, I am selling MSDoom.VQY. Jesus Christ.

    And they're sponsored by [specialham.com] our old friends, The Bulk Club [slashdot.org]. Can't we spread a rumour that Osama is actively funding spammers or something?

  • Re:TDMA (Score:3, Informative)

    by CustomDesigned ( 250089 ) <stuart@gathman.org> on Saturday August 21, 2004 @12:58PM (#10032858) Homepage Journal
    TDMA replies to an unknown sender and asks to "kindly reply to prove that you are a human". The reply-to is a temporary address with a long serial number. Once added, the address is on white-list. This is 99.999 percent effective.

    And when the TDMA user doesn't use SPF or something to block forged envelopes, they spam the world with their "did you send me some email" replies. And the reply template is customizable - so every TDMA spammer is unique. Also, while using a temporary envelope address for their own reply, the system does not work with other systems that use temporary envelope addresses like SRS or SES. The underlying design assumption is that TDMA is the only anti-SPAM measure worth using.

  • by Vlad_the_Inhaler ( 32958 ) on Saturday August 21, 2004 @01:04PM (#10032890)
    I use Mozilla and have been doing so since before they offered a filter. The filter hardly ever has a false positive, but it does miss about 30% of the spam I get - despite training.

    Maybe 20 a day is not enough.
  • by Anonymous Coward on Saturday August 21, 2004 @01:07PM (#10032909)
    The US probably has about 25% [internetworldstats.com] of the world's broadband subscribers (between 20% and 30% we'll say). The United States ranks 10th [washingtontimes.com] in the world in per-capita broadband subscriptions. "The United States also trails these countries in terms of the average speeds available over their broadband connections." (from the same article). Broadband is more expensive in the US than it is in Canada, Japan, South Korea, Sweden, and possibly others.

    I don't see how all this adds up to the US providing some obscene proportion of the world's spam.

  • by jsebrech ( 525647 ) on Saturday August 21, 2004 @01:18PM (#10032973)
    But spammers? They're not particularly organized, as far as I know.

    I would guess it's mainly the direct marketing association [the-dma.org] that lobbies for weaker spam regulation. They are opposing a national do-not-spam list [washingtonpost.com], and they're the main reason why the do-not-call list has no power.

    Now, they're not that big, but there's not really anyone lobbying against them. At least, not in the ways it counts, through money and people actually in congress talking with congressmen day in day out.
  • by jp10558 ( 748604 ) on Saturday August 21, 2004 @01:24PM (#10032999)
    I find the most effective spam blocker is DEAs. You either use something like spamex with its bookmarklet (well worth the 9.95 a year to me) or get an ISP that provides the service (more and more do), or do it with your own Domain/E-mail server.

    Then, DON'T ever use your real e-mail address. Make a new DEA for every e-mail address you have to give out, and turn it off if it starts getting spam, or when you're done with it.

    Also, use some common sense about where you place an e-mail address. I have to use a DEA for every online purchase, but only once got spam from the account, and rarely get monthly e-mails from the company I bought from - and those opt out easily in my experience.

    Conversely, when I used a DEA for Usenet posts, I got spam in a matter of minutes, but just turned off the account.
  • by airConditionedGypsy ( 703864 ) on Saturday August 21, 2004 @01:28PM (#10033023)
    A cute technical solution to some email woes:

    http://www.tla.org/papers/spa-ndss03.pdf [tla.org]

  • Re:My spamproofing (Score:2, Informative)

    by Clueless Moron ( 548336 ) on Saturday August 21, 2004 @02:02PM (#10033236)
    Once mail gets past the ipcheck/spamhaus, it gets filed to a spam folder which I check occasionally, so there's no problem there.

    Most false positives have come from weird mail clients that don't put me on the "To:" line. It's typically some friend doing a "mass mailing" to all his buddies. I don't recommend the "^To:" filter if you're worried about false positives.

    The ipcheck/spamhaus stuff, however, blocks delivery completely which is indeed a different problem. But here it gets interesting.

    Spammers try to deliver once, and never retry if rejected. By contrast, real mailservers retry if the ipcheck fails (because the reject code is marked as "temporary"). I have a logscanner that tells me if some site has been retrying for 24 hours, and if it looks legit I just add it to the trusted site list.

    spamhaus rejected stuff bounces back to the sender. I've had one case of a legit business being bounced this way, but they didn't mind because it revealed to them that they DID in fact have a zombied machine on their intranet that was spamming! Once they fixed that, they quickly got delisted and all was well again.

    But in short, since I don't run a business, false positives don't worry me much. If I were to run a business, I think I'd stick to just the spamhaus and bogus-html checks. Spamhaus rbl is very reliable and effective.
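An added illustration of the log scanner described in the comment above (not the commenter's own script): it collects clients that received a temporary (4xx) reject and reports those still retrying 24 hours after their first attempt, as candidates for manual review. The Postfix-style log lines, addresses, year and function name are constructed assumptions for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches a Postfix smtpd reject line and keeps only temporary (4xx) replies.
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>[0-9A-Fa-f.:]+)\]: (?P<code>4\d\d) "
)

def persistent_retriers(lines, year, min_span=timedelta(hours=24)):
    """Return client IPs whose temp-rejected attempts span at least min_span."""
    attempts = defaultdict(list)
    for line in lines:
        m = REJECT.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies it.
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            attempts[m["ip"]].append(when)
    return sorted(ip for ip, t in attempts.items() if max(t) - min(t) >= min_span)

# Constructed log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Aug 21 12:00:00 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<news@lists.example.org> to=<me@example.net> proto=ESMTP helo=<mx.example.org>
Aug 21 12:05:00 mail postfix/smtpd[2102]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 Client host rejected: cannot find your hostname, [198.51.100.7]; from=<x@example.com> to=<me@example.net> proto=SMTP helo=<pc>
Aug 21 18:00:00 mail postfix/smtpd[2140]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<news@lists.example.org> to=<me@example.net> proto=ESMTP helo=<mx.example.org>
Aug 21 19:00:00 mail postfix/smtpd[2150]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 Service unavailable; Client host [203.0.113.5] blocked using xbl.spamhaus.org; from=<y@example.com> to=<me@example.net> proto=SMTP helo=<pc2>
Aug 22 12:30:00 mail postfix/smtpd[2300]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<news@lists.example.org> to=<me@example.net> proto=ESMTP helo=<mx.example.org>
Aug 22 20:00:00 mail postfix/smtpd[2400]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 Service unavailable; Client host [203.0.113.5] blocked using xbl.spamhaus.org; from=<y@example.com> to=<me@example.net> proto=SMTP helo=<pc2>
""".splitlines()

if __name__ == "__main__":
    print(persistent_retriers(SAMPLE_LOG, 2004))
```

The one-shot sender and the client refused with a permanent 554 reply are both left out of the result; only the host that kept retrying the temporary reject for a full day is reported.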

  • Network traffic!! (Score:2, Informative)

    by Skiron ( 735617 ) on Saturday August 21, 2004 @02:14PM (#10033289)
    The solution isn't to stop it on its way! You got to stop it being sent. This shit eats up the Internet by fact of being sent.

    Take snailmail junk mail - even though you throw it away anyway, the post office still charges for the postman to deliver it (and pay him) - if he didn't, then he, you and the post office would be a lot better off!
  • 6 months!!! If I had to train a filter for 6 months before it became effective I would go insane.

    You need K9.

    http://keir.net/k9.html

    RM

  • by Nogami_Saeko ( 466595 ) on Saturday August 21, 2004 @02:53PM (#10033471)
    Spam has ceased to be a problem for me.

    I use POPFile. http://popfile.sourceforge.net/ [sourceforge.net]

    My current stats:

    Messages classified: 9,144
    Classification errors: 67
    Accuracy: 99.26%

    80% of the classification errors were in the first 2 weeks of training - and classification errors are almost always on the "let spam through" rather than "good message marked as spam", so it's not at all dangerous.

    It's easy to set up, and includes instructions for popular email clients. Spammers just can't do much to beat something like this.
  • by Skapare ( 16644 ) on Saturday August 21, 2004 @04:14PM (#10033896) Homepage

    This is yet another content filter. The real solution to spam will prevent my servers and bandwidth from being overloaded by spam, rather than use even more of it to accomplish keeping it out of my mailbox. The ultimate solution is to have spammers disconnected from the internet by their ISPs, or disconnect their ISPs if the ISPs continue to help spammers steal and waste the resources I pay for. You say you don't have a mail server and don't need to be worried? How much is your ISP charging you? How much is your ISP taking out their own profits to cover the costs of spam you just end up deleting?
