I don't know, whether this is such a brilliant idea - if this gets widely adopted it can't be long before some idiot will get the idea of paying for a spam to "advertise" one of his competitors just to get HIS site blocked...
I see loads of abuse potential here... While AOL might be smart enough not to block sites like microsoft.com or ebay.com if they showed up in a spam, it could be a knock-out blow to relatively small and medium (and hence little known) companies on the web.
I don't know, whether this is such a brilliant idea - if this gets widely adopted it can't be long before some idiot will get the idea of paying for a spam to "advertise" one of his competitors just to get HIS site blocked...
I'm sure AOL won't block any joe-jobbed targets but only bulletproof servers hosted at Chinanet, Telecom Malaysia, Procergs.com.br etc. which have been spamvertised by known spam gangs.
This is *really* a good idea - Alan Ralsky uses several "throw-away" domains per spam run, but only a handful of different servers to host his crap. Null route these and Ralsky can enlarge his own penis.
But in this case we're back to square one - we're already fighting KNOWN spammers like Ralsky...
There's nothing new in that. But do you seriously think, AOL will pay dozens of employees to find out just WHETHER a spam is "legit" (in the sense that it's really advertising the target site) or "fake" (in the sense that the real goal is to get the target site blocked)? This will become some seriously tough piece of work!
And it's kind of doubtful, whether it will help or not.
Also - surfing TO a website just to find out whether it's a spam site or not is nowadays also giving away WHO is doing the surfing. By now I get more and more spams that have my email address encoded in the host names of the target site, e.g. the first part of the host name http://sx1piznvxr0svy.froidnet.com/ sx1piznvxr0sv y is beh@icemark.ch (a replaced with z, b with y,..., y with b, z with a, 0 with @, and 1 with '.' -- and the whole thing in reverse).
So by now we are in a situation, where not just 'unsubscribe' lists are a way for a spammer to check the validity of our email addresses - no, even the host name we use to 'look at their "great" sites' give our identities away.
It'd be really great if some people would finally clue in that the more successful spammers are actually pretty smart as well! (unfortunately for us though)
Right now I think the best policy is still the passive filtering of incoming spams.
- Filtering destination sites will open doors to abuse in terms of using fake spam to block unwanted sites...
- automatic downloading of spamvertised sites will confirm which addresses are "good".
The latter idea MIGHT still be workable, since the spammer will also get to know WHO has spam-scanners installed (provided the automatic download of the page actually has the name of the spam-filter in the User-Agent header field of the get request). That way the spammer would also be able to drop email addresses blocking his sites. On the other hand, this has one very big issue with it - if the spammer filters out these addresses for his sales, he could at the same time COLLECT these addresses for DDoS uses...
No - PASSIVE measures are the only GOOD solution we have. Spam-Filters in addition to tar-pits slowing the the spam delivery...
Everything else will - as sad as it sounds - open way to many doors to abuse!
But in this case we're back to square one - we're already fighting KNOWN spammers like Ralsky...
We only blacklist his spamvertised hosts on SPEWS, Spamhaus and other DNSBLs to prevent the bulletproof hoster from sending email. Use the same DNSBLs in a HTTP proxy or a router and the spammer's servers are "invisible". If a spam filter can check spamvertised targets against DNSBLs, it can recognise a lot of spam emails which otherwise might get through.
But do you seriously think, AOL will pay dozens of emp
> They rely on content filters and their users determining if an email is legit or not.
And - how would a content filter find out whether the content of the spam would actually try and sell the product listed in the spam, or whether it's advertising a product listed on the target server in the hopes that the target server gets blocked?
You *can't* read the true motives of a spam out of its content...
But in this case we're back to square one - we're already fighting KNOWN spammers like Ralsky...
There's nothing new in that. But do you seriously think, AOL will pay dozens of employees to find out just WHETHER a spam is "legit" (in the sense that it's really advertising the target site) or "fake" (in the sense that the real goal is to get the target site blocked)? This will become some seriously tough piece of work!
I get joejobed, first thing I do is call my ISP. If someone complains about spam, first
Also - surfing TO a website just to find out whether it's a spam site or not is nowadays also giving away WHO is doing the surfing.
Not necessarily. An automated email filter could throw those URLs into a little dogpen for some DDOS action:) Not a good idea for the same reason stated previously, that I could start sending out spam advertising for mycompetitor.com
Methinks that blacklisting the spammers is a good idea if (only if?) whoever is maintaining the blacklist is smarter and sneakier than the spammers. I suspect that anything automated will do more harm than good because there will always be ways to use it in ways that were not originally intended. Automated tar pits might be workable. The first few go through normally but the more that try, the slower the system gets. Reporting spam could work, but you need a cadre of more or less anonymous volunteers who in
Is this a *smart* idea? (Score:5, Insightful)
I see loads of abuse potential here... While AOL might be smart enough not to block sites like microsoft.com or ebay.com if they showed up in a spam, it could be a knock-out blow to relatively
small and medium (and hence little known) companies on the web.
Re:Is this a *smart* idea? (Score:5, Interesting)
I'm sure AOL won't block any joe-jobbed targets but only bulletproof servers hosted at Chinanet, Telecom Malaysia, Procergs.com.br etc. which have been spamvertised by known spam gangs.
This is *really* a good idea - Alan Ralsky uses several "throw-away" domains per spam run, but only a handful of different servers to host his crap. Null route these and Ralsky can enlarge his own penis.
Re:Is this a *smart* idea? (Score:5, Insightful)
There's nothing new in that. But do you seriously think, AOL will pay dozens of employees to find out just WHETHER a spam is "legit" (in the sense that it's really advertising the target site) or "fake" (in the sense that the real goal is to get the target site blocked)? This will become some seriously tough piece of work!
And it's kind of doubtful, whether it will help or not.
Also - surfing TO a website just to find out whether it's a spam site or not is nowadays also giving away WHO is doing the surfing. By now I get more and more spams that have my email address encoded in the host names of the target site, e.g. the first part of the host name http://sx1piznvxr0svy.froidnet.com/
sx1piznvxr0s
So by now we are in a situation, where not just 'unsubscribe' lists are a way for a spammer to check the validity of our email addresses - no, even the host name we use to 'look at their "great" sites' give our identities away.
It'd be really great if some people would finally clue in that the more successful spammers are actually pretty smart as well! (unfortunately for us though)
Right now I think the best policy is still the passive filtering of incoming spams.
- Filtering destination sites will open doors to abuse in terms of using fake spam to block unwanted sites...
- automatic downloading of spamvertised sites will confirm which addresses are "good".
The latter idea MIGHT still be workable, since the spammer will also get to know WHO has spam-scanners installed (provided the automatic download of the page actually has the name of the spam-filter in the User-Agent header field of the get request). That way the spammer would also be able to drop email addresses blocking his sites.
On the other hand, this has one very big issue with it - if the spammer filters out these addresses for his sales, he could at the same time COLLECT these addresses for DDoS uses...
No - PASSIVE measures are the only GOOD solution we have. Spam-Filters in addition to tar-pits slowing the the spam delivery...
Everything else will - as sad as it sounds - open way to many doors to abuse!
Re:Is this a *smart* idea? (Score:3, Informative)
We only blacklist his spamvertised hosts on SPEWS, Spamhaus and other DNSBLs to prevent the bulletproof hoster from sending email. Use the same DNSBLs in a HTTP proxy or a router and the spammer's servers are "invisible". If a spam filter can check spamvertised targets against DNSBLs, it can recognise a lot of spam emails which otherwise might get through.
But do you seriously think, AOL will pay dozens of emp
Re:Is this a *smart* idea? (Score:5, Informative)
And - how would a content filter find out whether the content of the spam would actually try and sell the product listed in the spam, or whether it's advertising a product listed on the target server in the hopes that the target server gets blocked?
You *can't* read the true motives of a spam out of its content...
Re:Is this a *smart* idea? (Score:2)
I get joejobed, first thing I do is call my ISP. If someone complains about spam, first
Re:Is this a *smart* idea? (Score:2)
Also - surfing TO a website just to find out whether it's a spam site or not is nowadays also giving away WHO is doing the surfing.
Not necessarily. An automated email filter could throw those URLs into a little dogpen for some DDOS action:) Not a good idea for the same reason stated previously, that I could start sending out spam advertising for mycompetitor.com
Re:Is this a *smart* idea? (Score:3, Informative)
Re:Is this a *smart* idea? (Score:2)
This looks like a handy cover for AOL to block anything it deems not PeeTsee [google.com] enough.