What's With All This Spam? 212
coondoggie writes to mention a Network World article about soaring spam levels, confirmed now by researchers, IT managers, and security vendors. So, indeed, it's not just you: October was a spammy month. From the article: "Levine's assumption is this spike in spam levels is a result of a new generation of viruses and zombies that can infect PCs more quickly and are harder to get rid of. In its October report, messaging security vendor MessageLabs says the spike is largely due to two Trojan programs, Warezov and SpamThru. Others say a new breed of spam messages called image spam -- messages with text embedded in an image file that evade spam filters, which can't recognize the words inside the image -- is responsible." A note: I have no interest in penny stocks.
Commission (Score:5, Interesting)
Re: (Score:3, Informative)
I use GMail (Score:4, Informative)
Oh, my spam folder? Over a hundred a day, but as I recall, Gmail has miscategorized maybe 2 or 3 messages as spam during the entire time I have used it. Unless I am expecting something, I rarely check the spam folder at all.
Comment removed (Score:5, Informative)
Ameritrade (Score:5, Informative)
Domain owners: Set up SPF NOW!!! (Score:5, Informative)
Domain owners: Set up SPF NOW!!!
I set up SPF on my domains and the number of bounces from spoofed SPAM dropped dramatically.
Do not wait any longer, do your duty to the internet community: Set up SPF NOW!!!
Re: (Score:2, Funny)
I mean, is SPF 15 good enough? I have fair skin, so I've always used SPF 45.
Also, which brand is preferable? Coppertone?
Re: (Score:2)
I still believe can still help, even though you're right. For any given person, the spam goes from the spamming (probably zombie) machine to that machine's ISP, then to the destination machine's ISP, then to the destination machine. Ordinary mail usually hops through an "administered mail relay" twice, and each of those hops is an opportunity to kill it with SPF. There has been much made of ISPs who know their users are spammers, but given that we're talking about
Reverse OCR (Score:5, Interesting)
At work we use spam assassin with a gpl OCR plugin, however, it's getting foiled by intentionally added noise in the images. I propose we come up with a way to detect these non-character elements (noise) in the associated spam images instead of just trying to OCR the text. The noise I've seen seems to be like it should be easily detectable.
"Begun, this Captcha Wars has."
-Yada
Re: (Score:2)
I just use spamassassin with a bunch of the pyzor/razor/dcc checks and it does a pretty good job, but these types of spam are still getting through too often.
Re: (Score:2)
Re: (Score:2)
No, we're not using FuzzyOCR but it's on our list of things to experiment with. Although FuzzyOCR is better at reading text buried in a noisy image, I'm thinking that the noise itself is what we should detect. The presence of a noise of a certain signature could be a good indication of a message's spam probability. The common "chicken scratch" noise I think would be easy to detect. Short, straight lines at varying angles and placements that bear no relation to each other would count as the "chicken scr
Don't be so smug (Score:5, Informative)
Re: (Score:2)
I'm sorry, I feel for your plight. But I just couldn't resist the recently-dethroned Ted Stevens reference.
SpamAssassin is too costly. (Score:5, Interesting)
Most of mine get binned with a 554 "You're not localhost"
Some spammer is using an email address of mine to send spam from. So I get the people writing back, asking why I am sending them spam. And another of my domains is obviously listed somewhere as a domain where guessing user accounts might be a good idea. So I get cqoiecn@mydomain.com, zqopqwn@mydomain.com, etc. It all just sucks. I'm currently getting about 10 spams per minute.
Re: (Score:2)
a couple of tricks... (Score:2)
1) I use spamc/spamd instead of invoking spamassassin directly - big save on a busy server.
2) Limit the size of emails being scanned - spammers usually use small messages since larger ones are more expensive (cpu and network) to send. This will probably change someday since botnets reduce this cost.
3) Limit the number of spamc/spamd invocations to 1/user
Re: (Score:2)
I use a three-tier approach.
Tier 1 is OpenBSD's spamd, which has a static block list. This is updated nightly based on anyone who has sent mail SpamAssassin flagged, and a couple of external sources. Anyone on this blocklist gets tar-pitted and it takes a long time for them to receive the block message. Spamd is very low resource usage, and can tie up a few thousand connections without any noticeable impact on system load on a moderately modern machine.
Tier 2 is Sendmail, which has blocks everyone on
Re: Sender Stores systems. (Score:5, Interesting)
I'm working on a sender stores system for a distributed social networking software called Appleseed [sourceforge.net] based, in theory, on Internet Mail 2000 [im2000.org]. I figured early on that since the system was distributed, which means that anybody could set up an Appleseed social networking "node", that it would suffer from the same problems as any mail system if I used the standard receiver-stores system.
I don't harbor any illusions about a sender stores system being able to eliminate spam entirely, but the reason I went with it, especially after reading this in-depth critique [psg.com], was that it created a system of accountability. You may not be able to stop spam, but you have much better tools for knowing exactly where the spam came from.
The disadvantage is that it becomes, ideologically anyways, incompatible with current email systems. I consider this a small price to pay to allow admins to have better control and protection over their systems.
The system I'm building is rudimentary for now, and only uses direct HTTP->HTTP connections to send notifications and retrieve messages, and won't have any of the fancy abilities that email has right now, but it's a start, and there's no reason that those features can't be added as it evolves. It's gonna be a big experiment, and I'm expecting a whole lot of unforeseen issues, but this whole project is a big experiment, so I'm excited about the possibilities in general.
i have no confirmed proof other than ethereal logs (Score:5, Interesting)
Re:i have no confirmed proof other than ethereal l (Score:2)
Devious Plan (Score:2)
Not just october (Score:4, Interesting)
Essay / Short Story Spam (Score:5, Interesting)
Re:Essay / Short Story Spam (Score:4, Informative)
Re: (Score:3, Interesting)
Or else somebody has a really weird sense of humour.
Not "detraining" (Score:4, Insightful)
What they're more likely to succeed at is not detraining the filters but overtraining them. By sending innocuous text and getting it trained as spam, your filter is more likely to mark normal mail as spam, thus increasing the level of false positives and resulting in a filter which marks spam, but isn't terribly useful.
At least, that's the theory, and the more likely goal. I use SpamAssassin, and I generally train on these anyway. I don't see many false positives, and of those I do see, very few (if any at all in the past year or so) have been attributable to the Bayesian portion of the analysis.
YMMV.
Re: (Score:3, Informative)
SPF (Score:4, Insightful)
The moron moderator who rated "Domain owners: Set up SPF NOW!!!" as offtopic needs to get a clue. SPF: Sender Policy Framework [openspf.org] is used so you can filter out forged mail. The recent flood of stock-pumping spam used many forged domains in the "from", and if you filtered on SPF, you wouldn't have seen as much spam.
I might add, it would be nice for people to REJECT spam rather than BOUNCE it. When you bounce it, innocent domains get an email complaining about the forged email. With these spambots, it adds up quick! Doing a reject also allows legitimate senders to discover their email was not delivered.
SPF (Score:4, Interesting)
But I haven't got it working in Postfix yet, so I can't benefit from others' SPF records.
Re: (Score:2)
Now if only PlusNet would get a clue and allow people to add TXT records to their DNS entries, rather than just A, CNAME and MX... *sigh*
Re: (Score:2)
The Pump-n-Dumps are a problem, (Score:2)
Re: (Score:2)
More true than you realise. A few months ago, when I noticed the increase of stock spam, I tried tracing the history of a few of these scams. There was no clear pattern; some went up, some went down. And the volume of trades on each was so small that a very lucky investor could only have made a few hundred dollars.
A shame; I'd been thinking about setting up a tar pit and automating it to get in on the scams early...
Greylisting helps (Score:5, Interesting)
As a result, using greylisting results in filtering a HUGE amount of spam out since it fakes a temporary failure from any new server connecting and waits for the server to try sending the mail again after a defined delay (according to the RFC, mailservers are supposed to try sending again if they get this temporary deferral).
I set this up on my primary server (ubuntu with postfix) and saw a 99% decrease in spam since none of the zombies care enough to try connecting again. By the time a zombie gets upgraded to be wise enough to evade this, it is likely to fail all kinds of other spam tests anyway (referring mainly to blacklists, though blacklisting can be extremely evil by nature).
If you run a mailserver, definitely look into setting this up. The wikipedia article explains the low-risk nature and exactly how it works: http://en.wikipedia.org/wiki/Greylisting [wikipedia.org]
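The mechanism described in the comment above, as an added example (not code from the post or from any particular greylisting package): a greylist keyed on client network, envelope sender and recipient that answers with a temporary 450 until the same key comes back after a delay. The delay values, the /24 grouping, the class name and the sample addresses are assumptions.

```python
"""Greylisting decision logic: defer first contact, accept a patient retry."""
from dataclasses import dataclass, field

MIN_DELAY = 300                 # seconds a new key must wait (assumed value)
RETRY_WINDOW = 4 * 3600         # a retry must arrive within this window (assumed)
PASS_LIFETIME = 36 * 24 * 3600  # how long a proven key skips the delay (assumed)

DEFER = "450 4.7.1 Greylisted, try again later"
ACCEPT = "250 OK"


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # key -> time of first attempt
    passed: dict = field(default_factory=dict)      # key -> time last accepted

    @staticmethod
    def key(client_ip, mail_from, rcpt_to):
        # Group by /24 (IPv4 only here) so a retry from a sibling host in the
        # same outbound pool still matches the first attempt.
        net = ".".join(client_ip.split(".")[:3])
        return (net, mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply to give at RCPT TO time."""
        k = self.key(client_ip, mail_from, rcpt_to)

        # Known-good key: no delay, refresh its lifetime.
        last_ok = self.passed.get(k)
        if last_ok is not None and now - last_ok <= PASS_LIFETIME:
            self.passed[k] = now
            return ACCEPT

        # Never seen, or the earlier attempt is too old to count as a retry.
        first = self.first_seen.get(k)
        if first is None or now - first > RETRY_WINDOW:
            self.first_seen[k] = now
            return DEFER

        # Retried too quickly: keep deferring, the clock keeps running.
        if now - first < MIN_DELAY:
            return DEFER

        # A real MTA queued the message and came back after the delay.
        self.passed[k] = now
        del self.first_seen[k]
        return ACCEPT


# Constructed sample traffic: (time in seconds, client IP, MAIL FROM, RCPT TO)
SAMPLE_ATTEMPTS = [
    (0,    "203.0.113.7",  "news@example.org", "bob@example.net"),  # real MTA, first try
    (10,   "198.51.100.9", "x@example.com",    "bob@example.net"),  # zombie, first try
    (20,   "198.51.100.9", "x@example.com",    "bob@example.net"),  # zombie hammering at once
    (900,  "203.0.113.8",  "news@example.org", "bob@example.net"),  # real MTA retries from sibling host
    (5000, "203.0.113.7",  "news@example.org", "bob@example.net"),  # later mail, same key
]


def replay(attempts):
    """Feed attempts through a fresh greylist and return the reply codes."""
    gl = Greylist()
    return [gl.check(ip, s, r, now=t).split()[0] for t, ip, s, r in attempts]


if __name__ == "__main__":
    for attempt, code in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(attempt, "->", code)
```
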
Re: (Score:2)
Pump and dump (Score:5, Interesting)
I then called the enforcement division of the SEC and said I had the name and contact details for a company that was responsible for sending a number of unsolicited pump/dump email spams to me. I also told them that I had email from the spammer himself confirming that they'd done the deed. It wasn't some innocent bystander, but the people that actually SENT the mail. I was sent to a voicemail box and assured that I'd be called back. It's now about 2 weeks later and nobody ever called me.
And people wonder why there's so many of these vermin...uh, it's practically impossible to get caught!
Re: (Score:2)
Re: (Score:2)
The other annoyance is why they have to send me 15-20 copies of each of their garbage emails. Earlier this week it was a clothing company. Now it's some petroleum company.
They seem to have dropped their earlier format: price now $x, reached $y in last (pump'n'dump) campaign. But since $x is always much less than $y, it's obvious somebody made a hell of a lot of money on the way up, and somebody lost a hell of a lot when it tanked.
...laura
Re: (Score:2)
I investigated a few companies that had been spammed in this way, but I couldn't find any correlation between stock price and spam. Some of the companies went up, and some went down, just like un-pumped stocks.
Re: (Score:3, Interesting)
I just looked one of the companies (the petroleum one) up on NASDAQ [nasdaq.com], and while their share price was up yesterday, then down today, the interesting thing is the way the stock has traded more in the last two days than in the entire previous year. By several orders of magnitude, in fact.
Until May this year the company was worth approximately nothing (10 cents a share). In the last two days they pumped it from $2.95 up to $10.10, then dumped it down to $4.00. On 60,000-odd shares traded, somebody made a lot
I agree that SPF appears necessary (Score:2, Interesting)
Re: (Score:3, Insightful)
Please don't tell me what I do and do not need to do.
Filter by IPs (Score:5, Interesting)
Spammers put garbage in the message body, subject, other headers, etc. in order to fool the spam filters - and unfortunately, they are often pretty successful.
But one thing they cannot change is their IP addresses. I wrote a script to parse my mail and save the IP addresses (or more precisely, their first two numbers - e.g., 213.186) that appear in spam messages, but not in normal ones. Then, I run another script on my incoming mail - which marks the message as spam if it contains a blacklisted IP address.
I update the list of IPs once in a while, and it works pretty decently. Right now, I have about 4,500 items in the list - each one corresponding to a range of 256^2 IP addresses - so it's about 7% of the whole address space (kinda scary). It blocks about 2/3 of spam, with almost no false positives. Most of my spam is also marked by the SpamAssassin (or whatever the mail server uses) and automatically moved into the spam folder, so I just run the script once in a while, and it "learns" on its own.
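One way to build the /16 list this comment describes, as an added example rather than the poster's script: collect the first two octets of every IP in the Received headers of spam, subtract those seen in normal mail, and flag new mail that hits the list. The function names, the `trusted_only` switch (which reads only the topmost Received header, the one stamped by your own server) and the sample messages are assumptions.

```python
"""Learn /16 prefixes that appear in spam but not in normal mail."""
import ipaddress
import re
from email import message_from_string

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IP in Received:
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def prefixes(raw_message, trusted_only=False):
    """Return the 'a.b' prefixes of non-local IPs found in Received headers."""
    received = message_from_string(raw_message).get_all("Received", [])
    if trusted_only:
        # Headers are prepended, so the first one was written by our own MX.
        # Everything below it was supplied by the sender and can be forged.
        received = received[:1]
    found = set()
    for header in received:
        for text in IPV4.findall(header):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # e.g. 999.1.1.1
            if any(ip in net for net in LOCAL_NETS):
                continue  # internal hops say nothing about the sender
            found.add(".".join(str(ip).split(".")[:2]))
    return found


def build_blocklist(spam, ham, trusted_only=False):
    """Prefixes seen in spam minus prefixes seen in normal mail."""
    spam_p = set().union(*(prefixes(m, trusted_only) for m in spam))
    ham_p = set().union(*(prefixes(m, trusted_only) for m in ham))
    return spam_p - ham_p


def is_spam(raw_message, blocklist, trusted_only=False):
    return bool(prefixes(raw_message, trusted_only) & blocklist)


def coverage(n_prefixes):
    """Fraction of the IPv4 space covered by n distinct /16 prefixes."""
    return n_prefixes * 256 ** 2 / 2 ** 32


# Constructed sample messages (documentation address ranges).
SPAM = (
    "Received: from dsl-host (unknown [203.0.113.45]) by mx.example.net; Mon, 6 Nov 2006 10:00:00 +0000\n"
    "Received: from smtp.partner.example ([198.51.100.77]) by dsl-host; Mon, 6 Nov 2006 09:59:00 +0000\n"
    "From: a@example.com\nSubject: hot stock\n\nbuy now\n"
)  # second Received line was written by the sender and names an innocent network
HAM = (
    "Received: from mail.isp.example ([192.0.2.10]) by mx.example.net; Mon, 6 Nov 2006 11:00:00 +0000\n"
    "Received: from desktop ([10.1.2.3]) by mail.isp.example; Mon, 6 Nov 2006 10:59:00 +0000\n"
    "From: friend@isp.example\nSubject: lunch\n\nnoon?\n"
)
NEW_HAM = (
    "Received: from smtp.partner.example ([198.51.100.20]) by mx.example.net; Tue, 7 Nov 2006 09:00:00 +0000\n"
    "From: sales@partner.example\nSubject: quote\n\nattached\n"
)
NEW_SPAM = (
    "Received: from other-dsl ([203.0.113.99]) by mx.example.net; Tue, 7 Nov 2006 09:05:00 +0000\n"
    "From: b@example.com\nSubject: hot stock\n\nbuy now\n"
)

if __name__ == "__main__":
    every_header = build_blocklist([SPAM], [HAM])
    top_header = build_blocklist([SPAM], [HAM], trusted_only=True)
    print("all headers :", sorted(every_header), "flags partner mail:", is_spam(NEW_HAM, every_header))
    print("top header  :", sorted(top_header), "flags partner mail:", is_spam(NEW_HAM, top_header, True))
    print("4,500 prefixes cover %.1f%% of IPv4" % (100 * coverage(4500)))
```

Learning from every Received header lets a forged line put an innocent network on the list; restricting both learning and matching to the header your own server wrote avoids that.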
Re: (Score:2)
I was always led to believe that the IP on a spam is as worthless as the rest, since it's easily spoofed. Maybe I need to return to the textbooks.
Re: (Score:2)
what's with all this complaining? (Score:3, Insightful)
what propagates without knowing? windows boxes
who's to blame for all this? windows boxes
what's never gonna solve it? windows boxes
who's gonna get most of this spam? windows boxes
solution? no more windows boxes
In case you're not getting enough... (Score:4, Funny)
Re: (Score:2, Funny)
Domain owners: Don't bother (Score:4, Interesting)
Re: (Score:2)
"You do see perfectly genuine mail from my domain, from machines other than mine."
Entirely true. However, this doesn't make SPF worthless. It means that, for domains where mail should only be coming from specific mail servers, SPF still helps. We're in the process of setting this up at work; we now have SMTP servers that support authentication over TLS. For e-mail from my work address, I can connect to those servers, authenticat
Re: (Score:2)
SPF Does Not Seem to Work (Score:5, Insightful)
I have not noticed that it helped at all in my case. I have a postmaster account set up with my host that catches all the replies to spams that are sent spoofing my domain. The number seemed to drop in the first week or so after I set up SPF, but it's now back up to an average of 500-1000 per day, and that's just the automated replies I'm seeing.
I assume the number of spams being sent is much higher, by orders of magnitude.
From the other comments, it seems possible that I'm misinterpreting the responses. Are they merely an indication of "success"? In other words, are they all just automated responses from the mail servers that correctly figured out (via SPF) that someone was spoofing my domain? This seems illogical, since I'm not sure why a mail server that figured this out would bother with an automated response. Such a policy would double the traffic associated with each "success", which is why it seems illogical to me.
In addition, of course, I see "out of office" and similar replies from individual mailboxes. Are these merely the indication of mail servers that have not implemented SPF on their (receiving) end? While that doesn't seem illogical, it seems just too easy. In other words, this issue has made me a little paranoid, and I just want to make sure I'm not relying overly much on SPF.
Are there other tools I could/should be using?
BTW, I've never, ever received a spam that spoofed a real domain of a large organization. I've seen lame phishes like paypal5.com, but never anything exactly like paypal.com, for example. It's hard to believe that the big guys are 100% successful with just SPF. Am I just being paranoid again?
Thanks in advance!
Re: (Score:2)
Very, very few mail servers check SPF. It would not be possible to rely overly much on SPF.
At QuantumG - Short Story SPAM (Score:5, Interesting)
Re:Reverse OCR (Score:3, Informative)
I use a plugin called FuzzyOcr [apache.org], and it handles animation and noise very well. Unfortunately the OCR itself isn't great, so it reads a lot of gibberish. FuzzyOCR compensates for this by being very liberal with its string matching (hence the name). The nice thing is, it correctly identifies the vast majority of the image-based spam I receive. Unfortunately, it's very easy for it to identify false positives. So far I haven't had this problem, but you might, especially if people often send you screen shots.
How to filter out image spam (Score:3, Informative)
Re: Essay / Short Story Spam (Score:3, Interesting)
In addition to the bayes poisoning explanation goofy183 posted, I suspect that some of them started out as the distraction portion of an image-based spam, but the attached images were either stripped out by a relay or left off in the first place by broken spam software (like the stuff you used to see from time to time from %RNDUSER advertising %RNDADJECTIVE %RNDNOUN).
I think you're all missing the point (Score:2, Interesting)
Don't you people know that the bad guys can program too?
I'm amazed these anti-spam companies don't have their own private small armies of grey-hats trying to break their own products. I swear half these stupid ideas would just go away.
Personally, I think it's time we move to a completely different mod
Re: (Score:2)
Cells use whitelisting.
Whitelisting does not work for letting your new customers email you.
next idea ?
Re: Filter by IPs (Score:3, Informative)
Sure they can. They've got access to botnets of random compromised PCs sitting in homes and offices around the world. If they find one being blocked too much, all they have to do is send the commands to another one. It's legit mailers, who have anywhere from one to a few dozen outgoing servers (depending on the size of the organization) who can't change their IPs.
The list you're putting together is probably mostly a mix of spam-friendly ISPs and residential/small business DSL/cable IP blocks. The reason you're not seeing many false positives is that most legit home users send through their ISP's mail server rather than directly to you, so you don't see that their IP is on your list.
Re: (Score:2)
Yes, but those compromised PCs and ISP home user gateways are not sending us legitimate email. A legitimate email from the guy who owns the PC will be coming out through his company/ISP mail server which is unlikely to be the same.
Re:Domain owners: Set up SPF NOW!!! (Score:2)
While I agree that it will help prevent forgery of your own domain, it doesn't really prevent the spammers from setting up SPF records for their domains with really loose rules, thus circumventing the "I know who sent this" part of SPF.
And, not to be too negative, SPF still doesn't have a good solution for secondary delivery (BackupMX, email forwarders, etc).
If you're still positive on the technology, you might want to co
Tell the truth (Score:5, Insightful)
Is there any chance whatsoever that we might somehow convince people to start telling the whole truth?
This description is almost a lie. This is not malware for PCs. This is malware for Windows. Not Linux, not 'PCs', Not Mac, Not Amiga, BeOS, Wind River, Next, BSD... whatever.
I'm not bashing, creating FUD or anything else. This Is Not A Trap. I'm just sick and tired of being painted with the same brush as Windows. The 'PC Virus' term is misleading; it makes my life a lot more difficult when I have to go to great lengths to explain to people that, actually, almost all of this malware only affects Windows and the software that runs on it.
Try to imagine how Bayer would have responded if the poison Tylenol scare in the late 80s were characterised in the media as 'poison headache remedy'? They would have freaked, and consumers would have, too. Journalists have a duty to report accurately and completely on issues that affect us, and this intellectual laziness is starting to look more and more like dishonesty as time goes on.
you're right, but people don't see the difference (Score:2)
Re:Domain owners: Set up SPF NOW!!! (Score:4, Informative)
How do spammers make money? (Score:3, Interesting)
Ignoring for the moment your admission of guilt, how did you make that $20k/day?
Who was paying you?
Why don't the BB companies enforce TOS? (Score:2)
Now - that is a web server, something fairly innocuous which I SHOULD be able to run if I want to.
Meanwhile, we have SPAM zombie Windows boxen spewing tons of crap out their ports, acting exactly like outbound mail servers, sending junk nobody wants, and the user doesn't know...
I wo
SPF isn't supposed to block spam (Score:3, Interesting)
And this is a problem because... you can validate it, know that the spam really came from the spammer's own domain, and blacklist them. No, wait, that isn't a problem.
SPF was never about stopping spam, or about bypassing filters. It was about identifying forged senders at the domain level. It happens that there's a high correlation these days between the two, and in the long run knowing whether the sender is valid will be a useful piece of input in spam filters. And of course spam is what gets the headlines.
If you have some way of validating that the sender is who they say they are, you can do a number of things:
The main problem is that neither SPF nor DomainKeys has reached critical mass. Not enough places have implemented them, and implemented them strictly, for it to be worth checking. Not enough places are checking for it to be worth implementing.
Part of it is inertia. And there are still two main problems: forwarding services and road warriors. Both have solutions. You can have an SPF-aware forwarder, or one which implements DomainKeys. You can set up SMTP-AUTH on the submission port and remote users should theoretically be able to send using the home server (unless the network is brain-dead and blocks port 587 in addition to 25. And I have no doubt that they exist).
Whether SPF will prove useful in the long run is, I think, still up in the air. But saying that it's useless because spammers have "adapted" to it is missing the point.
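What "identifying forged senders at the domain level" looks like in practice, as an added example that is not part of the original comment: a small evaluator for the `ip4`, `ip6`, `include` and `all` mechanisms of an SPF record, run against constructed TXT records. The domain names, addresses, the `TXT` table standing in for DNS, and the receiver policy in `smtp_reply` are assumptions; `a`, `mx`, `exists`, `ptr` and modifiers need live DNS and are not handled.

```python
"""Evaluate a subset of SPF (ip4, ip6, include, all) against sample records."""
import ipaddress

# Constructed TXT records standing in for DNS lookups.
TXT = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8::/32 -all",
    "spammer.example": "v=spf1 +all",   # loose record: every host "passes"
    "nospf.example": None,              # domain publishes no SPF record
}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, txt=TXT, depth=0):
    """Return the SPF result for a connecting IP and an envelope-sender domain."""
    record = txt.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    if depth > 10:                      # cap nested includes
        return "permerror"
    addr = ipaddress.ip_address(ip)

    # Terms are tried left to right; the first mechanism that matches decides.
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIER else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()

        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            inner = check_host(ip, arg, txt, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"      # a broken include breaks the whole record
            matched = inner == "pass"   # only an inner pass counts as a match
        else:
            raise NotImplementedError(f"{name!r} needs DNS and is not handled here")

        if matched:
            return QUALIFIER[qual]
    return "neutral"                    # nothing matched and no 'all' term


def smtp_reply(result):
    """Assumed receiver policy: refuse a hard fail while the SMTP session is
    still open, so the error goes to the connecting host and no bounce is
    generated toward the forged sender address."""
    if result == "fail":
        return "550 5.7.1 SPF fail: sender not authorised"
    return "250 OK"


if __name__ == "__main__":
    cases = [
        ("192.0.2.25", "example.org"),       # listed directly
        ("2001:db8::1", "example.org"),      # listed via include
        ("203.0.113.9", "example.org"),      # forged sender domain
        ("203.0.113.9", "spammer.example"),  # passes, but says nothing about reputation
        ("203.0.113.9", "nospf.example"),    # nothing to check against
    ]
    for ip, domain in cases:
        result = check_host(ip, domain)
        print(f"{ip:>14} as {domain:<16} -> {result:<8} {smtp_reply(result)}")
```

The `spammer.example` case is the point made in the comment: a pass tells you the domain is genuine, which is what makes a domain-level blacklist or reputation score meaningful.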
Image spam? (Score:4, Interesting)
Anyhow, I'm seeing a massive increase in spam since late September. While our filter is effective, the sheer volume has meant that many more junk messages are getting through. I think that what a lot of people fail to realize is that while the problem of spam can be dealt with effectively for personal email, especially if you take advantage of an online service like gmail, it's a totally different ballgame in the corporate world where spam is a tricky and costly problem. Work email addresses get published (thus harvested) for a number of legitimate reasons, and once a mailbox is on the radar it seems like the rest of them start getting sucked in. Some employees can effectively ignore their junk boxes, but others simply can't -- it can be costly to miss an email. This reduces spam filtering for these employees to a simple ranking system: "here are messages that are probably legit and you should look at right away, and here are a whole shitload of messages that are probably junk but there might be an important one in there somewhere."
My organization is relatively small, and we don't benefit from hundreds or thousands of users training the filter. Thus when there's a large increase in spam that's getting through, it can take the filter a while to learn to block them effectively. During this time it's not uncommon for the occasional legitimate message to be sent to the spam filter by a user who doesn't notice it tucked into the 75 new messages in his mailbox, and this makes matters even worse. Finally, it's really hard to get users to send their junk mail to the filters, even when you've got it set up as a simple drag & drop procedure that's just as easy as deleting. If you can only convince a percentage of your people that training the filters actually works and is important, and you only have say 50-100 employees, then you may not have near the support required to really make Bayesian filtering work to its potential effectiveness.
Anyhow, over here we've seen a huge increase in spam, with some email-heavy users who used to get 10 in their inbox per day now getting 30 to 50 or more, and with potentially hundreds going to junk boxes. (this has decreased, I think things have settled down during the past week) We run a variety of filtering measures including header checks, DNS blacklists, and Bayesian analysis but just enough spam is able to get through on a daily basis to make things difficult. Back to my original topic: virtually none of the spam getting into user inboxes has been image spam, and only a small percentage of blocked spam is image spam.
Stats from last thirty days here: Messages Processed: 91588, Spam: 72881, 80%. A large portion of our legitimate messages are internal, which are not "filtered", but still counted by the system. A large number of spam messages are getting through, so I would conservatively bump that percentage up to 83-85%.
What an absurd problem. I'm going to have to put more effort into reducing its effect.
Re:Domain owners: Set up SPF NOW!!! (Score:2)
Re:Tell the truth (Score:5, Interesting)
In other words, I suspect it's probably not a great long term plan to be smug about windows vulnerabilities causing all of the problems. It will continue to be one, for sure, but the spammers have other tricks which are contributing to the problem
Re:Why don't the BB companies enforce TOS? (Score:3, Informative)
Spam botnets now have so many client machines that Joe Spammer only needs to send out 10 or 20 messages per system per day, and he sends them out slowly.
As soon as a solution seems "obvious" to "everyone", the spammers have moved on. I work for a university, looking after IT Security. We still get people asking us why we don't do bayesian filtering on our ~700,000 emails per day (hint: when 85% of your email is spam, it doesn't help much) or OCR (1: CPU load++, 2: spammers now use animated gifs with noise, split in the middle of rows and re-layouted with HTML).
Spam-detection vs. captchas (Score:2)
As new versions of spam-filters get upgraded to detect text inside graphics and analyze it along with other text for spamminess, the spammers will, no doubt, start using "captchas" to make the detection harder.
Research on the detection will then improve (much of it -- in Open Source), allowing the spammers to defeat the captchas currently used on web-pages...
Information wants to be free, but there is something about keeping your designs secret from the enemy.
re: Image spam? (Score:3, Interesting)
(I'll echo others here: where is the threading?)
The problem is, spam isn't just an image now. It's:
Throw in random prose, and you're not only tricking rules-based filters, but de-training bayesian filters.
Re: (Score:2)
How is that de-training anything? How much legitimate email do you get using the words: buddhist, sullen, lowhanging, howled, fires, sobbed, unfathomable, chime, trooping, flirt, chant, heavyduty, riotous, graphically, vanquished, merriwether, emissary, alanding, smote, afloat, scarves, blockaders, dissonance, demons, brethren, plaque, gleaming, trembling, galileo, militant, fusty,
Image spam... (Score:2)
It does jack the server loads up, as you'd expect. Fortunately, one of the features that it uses is that it keeps a hash value (an
Re:SpamAssassin is too costly. (Score:2)
Some spammer is using an email address of mine to send spam from. So I get the people writing back, asking why I am sending them spam. And another of my domains is obviously listed somewhere as a domain where guessing user accounts might be a good idea. So I get cqoiecn@mydomain.com, zqopqwn@mydomain.com, etc. It all just sucks. I'm currently getting about 10 spams per minute.
Yes, I'm getting this too...
Bounced emails to guessed email accounts. But with forged headers saying that I'm the sender. I know th
re: SpamAssassin (Score:2)
Yes and no. I use SA on my mail server with the additional SARE plugins. SA does recognize email with an attached GIF but really, it cannot detect much else beyond that. An attached GIF on a seemingly spam-like message (on my system) counts as 1.3 out of
I've given up and offloaded to POSTINI (Score:2)
Re:Ameritrade (Score:2)
</sarcasm>
I don't own an Ameritrade account, don't publish most of my addresses, and I'm still getting a barrage of penny stock spams. So, I don't believe the Ameritrade break-in is behind this.
However, I'm about to ask my lawyer if it's legal to short them.
Re: I use gmail (Score:2)
Re:Domain owners: Set up SPF NOW!!! (Score:2)
August 2005:
November 2006:
I really don't want to get rid of them, as they have otherwise spectacular service with ginormous amounts of
Aliases to track infections (Score:2)
At least I know who the offenders are and can delete
Rule/filter to remove gif spam (Score:2, Informative)
If the "content-type" header contains "multipart/related", classify as spam (and not in address book, previous recipients, etc).
Don't know exactly what this implies, but seems to be working for me, otherwise I would be getting tons of gif spam that passed my server's spam assassin and my e-mail client's bayes filter.
Whitelisting is the only long-term answer (Score:3, Insightful)
Reputation systems that assert "x is not a spammer", perhaps with some delegation, is the only long-term answer. Blacklisting was a decent heuristic for a while, IMHO, but it is now approaching end of life.
But whitelisting will require authentication. Are you openpgp-signing your mail yet? If not, then you're part of why whitelisting can't take off yet. You're part of the spam problem.
BTW, one thing I don't get about image spam, is how they get the receivers to look at the image. When I receive a spam, especially one with a lot of nonsense text, it doesn't even occur to me to examine the attachments. It's not so much paranoia about a libpng buffer overflow or something, as it is lack of curiosity.
All I can think of, is that there is some popular email client out there, which shows attached images automatically whether or not the user expressed an interest in the attachments. If that's what's happening, then that email client needs a patch.
Re:Bayesian training (Score:2, Interesting)
It's extremely frustrating. I have been looking at the source of them to try to find something common to filter on with procmail but they are encoded MIME attachments which I'm not
Block images (Score:2)
Why bother analysing the images? Block all email with attached images. Whitelist your friends and usual correspondents in case some insist on using "stationery" or sending images.
Filter on MIME type multipart/related and .gif (Score:5, Interesting)
Translate rules as necessary for your favorite mail client.
Re:Commission (Score:2)
Re:Greylisting helps (Score:3, Insightful)
1/3 less spam is still waaaaay too much spam. I'm afraid that even though greylisting is a smart trick, it's not sustainable. Then again, I'm beginning to believe there's *NO* long-term way to slay SPAM, that it will be a permanent back-and-forth battle for years or decades.
Re:SPF (Score:2)
It would be nice, but unfortunately, that runs counter to the time-tested design of essentially every Mail Transfer Agent out there.
Any decent MTA will carefully ensure that the incoming mail message is written out,
image based spam (Score:3, Informative)
Spam spammyspam spam (Score:2)
Re:Pump and dump (Score:2)
Please, oh please, post the name, email, telephone number, address, etc of these bastards right here on Slashdot.
Remember the last time this happened? The post office complained to the spammer that they have to send an entire car to his home - twice - just to deliver the endless amount of letters, offers, catalogues, etc - all which he had apparently subscribed to... >:)
If we find anything about these morons - and can confirm them to be spammers - let's post them here. A
Windows zombies (Score:2)
Still Spam-Free... (Score:2)
October was a spammy month? Hrm. My condolences.
No bayesian training, no spam filters, no whitelists, no blacklists, and my MX is wide open: no DNS blacklists either.
Oh well. My condolences for those of you who can't use one-off aliases and keep perfect control over who has which alias and where.
Re: (Score:2)
Allow me to introduce myself. I am a user that sends gifs as part of HTML email.
Nice to meet you.
Except you can't see my message!
--------------030401050800030004040105
Content-Type: image/gif
Content-Transfer-Encoding: base64
Content-ID:
R0lGODlhyACfAOf/AP1mDflqC/lpGfRsF/BvIOxyIOtyKPxsH
Re: (Score:2)
One of the most interesting parts about it is the availability of the 'exists' function. By placing an 'exists' statement in your spf record and using some of its variables, you can actually record in your DNS logs what IP addresses are sending email from your domain. You can also see what users are sending from what IP addresses [and what accounts are bogus]. This only
Re: (Score:2)