Slashback

Spam Archive opening FTP service December 4 209

Saint Aardvark writes "The FTP archives for spamarchive.org will be opening on December 4, according to this Wired article. But there already appear to be some archives available." I tried saving my spam for awhile just for giggles, but seeing that file grow to 100+ megs made me so angry I had to delete it. Currently getting ~200 spam every day, and now often they attach images so they are 100k+. Yay Internet!
This discussion has been archived. No new comments can be posted.

  • I wonder (Score:3, Interesting)

    by Woogiemonger ( 628172 ) on Friday November 29, 2002 @09:32AM (#4779627)
    Wouldn't this spam archive be a form of free advertising?
    • Re:I wonder (Score:2, Insightful)

      by paschimghat ( 626362 )
      Absolutely. At any rate I fail to understand what all the hoo ha is about. This is about freedom. Abuse of freedom is an inevitable other side of the coin. All snailmail boxes in North America are full of spam mail. The bloody thing keeps postal workers and printers in business. It's entrepreneurship. Ignore it, destroy it if you can't stand it and get on with life outside spam.
      • Ignore it, destroy it if you can't stand it and get on with life outside spam.

        I have a filter that finds the spam, and replies to it (using a trash basket return email address) with the body saying something like "go away, no one wants this nor read this".

        If the reply address is a bogus email address, then the ISP response of no valid email address is deleted. If I get one to the trash basket it is deleted.

        Ok, sure it increases TCP traffic, but it sends it back to the source. If we ALL did this, then the senders of spam would get, well, spammed.
  • just wondering (Score:2, Insightful)

    by psyklopz ( 412711 )
    who actually gets loads of spam every day?
    I get about 3 per day (3 too many!)
    You always hear about these poor suckers getting 200 or so a day, but how many of us actually have to put up with that much stuff? If I got that much, I'd just switch email accounts, cos I just wouldn't put up with it.
    I'm not defending spam here, but I'm just kinda curious how much people actually do get on average.
    • Re:just wondering (Score:3, Informative)

      by Evil Adrian ( 253301 )
      I get about 5-7 per day, on average. Not 200, but to have to get rid of 5-7 messages per day (and report them to spamcop [spamcop.net]) is very, very irritating.

      No one should have to abandon an e-mail address because of unsolicited e-mail, especially (as in my case) if they've had their account for five years, and all of their friends and relatives know it...
    • Re:just wondering (Score:4, Insightful)

      by picz ( 264520 ) on Friday November 29, 2002 @09:41AM (#4779675)
      Who gets most spam?

      People with public e-mail addresses do. Try writing a few usenet articles and have your e-mail address on a web site and wait for the spam to emerge.

      Thank God for SpamAssassin
      • Re:just wondering (Score:2, Interesting)

        by rednaxel ( 532554 )
        As many slashdotters, I have several e-mail accounts. One of them, in a major ISP, occurs to have as username my first name (it was available at the time, I'm not so young). Well, this one is simply trashed, with 100+ spams per day. The spammers are making listings of name@isp.com at random, trying several 'name' combinations (like john, johnb, bjohn, and so on). Then repeat all the list for each major ISP and voilà, an enormous list is created. After a few rounds of spam you know which ones are valid.
      • I have several websites at different domains, with a public address @most of them. But I only get maybe 5 to 10 a day combined. The sites have been up over a year (most of them) but none are horribly popular. :(

        Still, I think I'm gonna set up ORBS and/or SPEWS on my server in the not-too-distant future, and maybe some firewall rules. I don't even want to admit those evil packets to the server.
    • Re:just wondering (Score:2, Informative)

      by C14L ( 622656 )
      If people put their email address all over the web, it's no wonder. I just use some service like spamgourmet.com if I need an email address to subscribe somewhere and use a webform if you wanna contact me like C14L.com/mail. I've got no problem with spam.
      • Re:just wondering (Score:2, Insightful)

        by Desert Raven ( 52125 )
        If people put their email address all over the web, it's no wonder.

        Well, it's nice that you don't need to. But, there are quite a few of us that do business on the 'net, who need to post an email address for potential customers to use to contact us. Yes, I could use a web form instead, but frankly, that's just a good way to cut down on your customer base. I *hate* it when that's the only way I can contact someone to ask a question. I figure I can't be the only one.

        I use three RBLs, which average 150 blocks per day (high for the month was 326 in a single day). Spamassassin knocks out maybe 20 spam a day more. Two more per day make it through the filters to my inbox. Unfortunately, I can't just /dev/null the ones spamassassin traps, since every now and again it traps a good one.

        Since I started composing this reply, spamassassin trapped two more spam messages, and one slimed its way into my inbox.
    • Re:just wondering (Score:5, Insightful)

      by aallan ( 68633 ) <alasdair AT babilim DOT co DOT uk> on Friday November 29, 2002 @09:53AM (#4779714) Homepage

      who actually gets loads of spam every day? I get about 3 per day (3 too many!). You always hear about these poor suckers getting 200 or so a day, but how many of us actually have to put up with that much stuff?

      According to my filter logs I'm currently getting between 100 and 150 spam messages a day, I'm currently using RBL and SpamAssassin to filter my inbox so I usually only see 2 or 3 a week out of this total. It's still annoying though.

      Just because you don't get any spam, doesn't mean everybody else isn't getting any...

      If I got that much, I'd just switch email accounts, cos I just wouldn't put up with it.

      Some people just don't have that option, you can't change your work email address, I know I certainly can't change mine...

      Al.
    • Re:just wondering (Score:3, Insightful)

      by bluGill ( 862 )

      I typically get 20-30 per day. Often more than the useful email I get.

      I am a firm believer that if people really want to contact me I should not make it hard for them. I have had a few people who I did not know contact me that really should have contacted me. It doesn't happen often.

      I'm also looking for a job, posting my resume with contact information upped the number of spams I get. At least the porn is outnumbered by other types of messages now, but that isn't saying much.

    • (Raises hand)

      I do. Let's check. This morning I have:
      30 spams that are not directly addressed to me,
      130 spams that are directly addressed to my Verio email address,
      5 spams addressed directly to my personal address.

      Hmmm so I think I know what the problem is.
      Verio sold my email address to every spam-merchant in the world.
    • I can't say I've ever bothered to count, but I probably get 10 or so a day. I have a dozen or so domains that give my email address as the contact, my various email addresses are plastered over several longstanding websites, I've posted a few things on usenet and all my friends have had viruses that have emailed my address to every other computer on the planet, so I would expect to be a prime target for spam.

      On the other hand, the addresses are hosted on our own (leased) machines, so I would be surprised (and liable to sue) if my ISP was selling my addresses to anyone.

      I have noticed that customers using webmail, especially Hotmail, get huge quantities of spam, but this seems inevitable to me.

      I'd say deleting spams takes me 30 seconds a day, top whack.

    • I'm still training my Bogofilter [sf.net], so I'm down to about 3 getting through a day. I just checked my spam dumping ground to answer your question, and I found 141 sitting there from the last 4 days.

      I went with the "assume Bogofilter is right" configuration. When a new email is determined to be spam, it is indexed by Bogofilter and dumped in the spam folder. If not, it indexes the msg as "non-spam" and dumps it in my inbox. I have to save the spam that got through to a new "isspam" folder and occasionally force Bogofilter to re-index messages in that folder as spam.
    • Re:just wondering (Score:3, Interesting)

      by Matts ( 1628 )
      Switching accounts isn't always that easy. My name is Matt Sergeant, and my email address is matt@sergeant.org. I'm just not changing that because someone who lives in a million dollar home thinks my address is his public shit can.

      Luckily my job is detecting spam (I'm a SpamAssassin developer too), so I'm actually quite happy to get my address harvested loads of times :-) Bring it on, spammers.

      But yes, I get lots of spam. About 100 a day. Not including mailing list subscriptions I get about 5 to 10 regular pieces of email a day. That's a hell of a ratio.
    • who actually gets loads of spam every day?

      I got 34 so far today. All filtered, though, into my spam folder.

    • I get 20-30 a day. I've long since stopped bothering hiding my email address -- maybe 2 get through every week, and I can handle hitting Shift-S to move them to Mail/SPAM-Unfiltered.

      When SpamAssassin 2.5X arrives with its Bayesian filter I'll shove them through it. Hopefully it'll push the success rate high enough so that when I'm getting 200/day I won't be getting 20 missed a week :)
    • I used to get about 15 spam mails everyday. Then I activated some of the open relay checks and it did get 14 of them.
      These days I no longer get any mails from open relays. From time to time I do see a spam mail, it mostly comes from someone abusing a proxy/cache server via the CONNECT method.
    • I'm sure much leakage is because of underhanded ISPs, companies selling email, and the like.

      But in my case--and many people's--the main problem is that I am a public personality. I do things where there is good reason to disclose my email address to strangers (in my case, because I am a writer). A lot of those strangers write me for very legitimate reasons, but obviously once an email is made public you cannot keep it to only the good guys.

      It doesn't apply so much to me personally, but a similar situation is where email addresses are listed in directories--company, organizations, and so on. In those cases also, you need to publish your email to let legitimate correspondence contact you.

      I've always been a little puzzled by the (somewhat naive) folks who think to answer the spam problem by hiding their email from everywhere it might leak. There are various tricks for doing this, false addresses, complex usernames, different accounts, etc. That only really works for people--typically college kids or younger--who never need to DO anything in the world. For the rest of us, hiding an email address would be like hiding our snailmail address from business contacts, because we might get junk mail from releasing it.
    • I found this script [pbp.net] on the SpamAssassin mailing list. It's been pretty interesting to use.

      I ran the script a few minutes ago on a machine that I host for a friend (web counter service, her websites/etc - she's been on the net for many years with her own domain/etc)

      Total Messages...: 14950
      Clean Messages...: 6413
      Spam Messages....: 8537
      Spam Percentage..: 57 percent

      57% of the email out of nearly 15,000 emails in /var/log/mail are fucking SPAM!!!
      That is *ridiculous*

      This is with SpamAssassin, Razor, Pyzor, and several RBL lists in /etc/postfix/main.cf all running.

      The spam still gets through. It sucks up bandwidth. It sucks up resources. It's really offensive sometimes. Spammers know there's no federal legislation in place to block them, so they go on their spammy ways.
      Spammers are scum. They *do not care* that you don't want their spam.
  • 200 spam per day? (Score:3, Insightful)

    by Jucius Maximus ( 229128 ) <m4encxb2sw@@@snkmail...com> on Friday November 29, 2002 @09:34AM (#4779639) Journal
    Man, what do you do to get all this? I haven't gotten that many in my life to my main account.

    Really, all you need to do is manage your address properly from the beginning, don't do obvious spam-lure tactics with it, use sneakemail/other aliasing and you're set.

    Seriously ... in the last year, maybe 3 total spams have come to my main address. (They're all the same spam too. Something about skin care. Weird.)

    • If you manage a domain, you will get one to your contact address (usually hostmaster@your.domain) and also sales@, webmaster@, and a few other garbage addresses.

      Having said that, I get ~10 spams a day to these bogus accounts per domain name -- not 100.
      • If you manage a domain, you will get one to your contact address (usually hostmaster@your.domain) and also sales@, webmaster@, and a few other garbage addresses.

        That's why I block those accounts.

        • Re:200 spam per day? (Score:3, Interesting)

          by LinuxHam ( 52232 )
          That's why I block those accounts

          I know it's a throwback to the days of yore, but those accounts are required to accept mail per RFC 2142 [ietf.org] (scroll down to #5). In this world of total non-compliance, let's offer a moment of silence in memory of how the Internet was *intended* to run. :)
    • what do you do to get all this?

      Easy :

      1. Put your email not encrypted on your web page (or on other web pages).

      2. Type your email on every site where they offer you "free" downloads, pictures or jokes in your mailbox.

      3. Use your main email in newsgroups.

      4. Read or "preview" the spam messages while connected to the net with an email client that can read html, javascript and download pictures. That way, your email is activated and gets much more spammed (I tested this and I got 10 to 20 messages with an activated email and 1 to 4 with an unactivated one.)

      5. Sell your email to advertisers who promise to send you interesting ads. In fact they just resell it ! I also tested this and you get ... 100 to 200 spams DAILY with this !

      6. Use some crappy webmail like hotmail (hotmerde as I call it) where either they send your email or there are so many users that spammers can send messages to anything@hotmail.com .

      Other ideas ?
  • Sigh (Score:5, Funny)

    by Evil Adrian ( 253301 ) on Friday November 29, 2002 @09:34AM (#4779641) Homepage
    I think the idea behind their site is nice, but I also think that more and more, people are realizing that the only way to really effectively block spam is to use whitelists -- no fancy schmancy algorithm is going to block spam for long.

    It's a shame, because I'm pretty sure that ceaseless, unrelenting, brutal torture of known spammers would be equally effective, but is unfortunately illegal.
    • That's just not true. Are you using any filtering mechanisms? I'm going to assume you are, because otherwise you'd be posting just to hear yourself type.

      So which are you using? And what's wrong with them? I've tried both some custom filters using 'Bayesian' categorization and also used SpamAssassin. Both have proved *highly* effective? What is it you're doing wrong?
      • I've tried both some custom filters using 'Bayesian' categorization and also used SpamAssassin. Both have proved *highly* effective?
        I'm currently using SpamAssassin, and although it seems to properly identify 90% of spam, it still misses a bunch, and it even occasionally marks valid emails as spam, which is a BIG no-no in my books. It means I still have to swarm through every message looking for names I recognize, just in case I nuke an important email. (I've played around with a bunch of "levels" to set it at, but to get that number high enough to let 100% of the valid emails through, it seems to let more than 50% of the spam get through).

        I haven't tried any of the Bayesian stuff (yet), but I imagine it'll have a similar hit-ratio.

        The problem is that if your spam-filter blocks even ONE non-spam email, it's unacceptable.

        As for the public DB of spam messages, I can't see it doing much if any good - all it will do is force spammers to completely personalize/randomize each mail they send out (move a bunch of words around, swap paragraphs, add nonsense tags everywhere), so no sort of quasi-CRC check or even fuzzy-algorithm'ed spam detector could recognize it.

        I'm afraid the grandparent is right - whitelists are the only way to block as much spam as possible, while guaranteeing all valid emails get through.

        (ps. I like the concept of having a daily, automatically generated .GIF file with some password in it that anyone wanting to get on your whitelist reads and types in - no need to have a "handshake" of sorts before they can send you email).

        • Re:Sigh (Score:3, Informative)

          by LinuxHam ( 52232 )
          I haven't tried any of the Bayesian stuff (yet), but I imagine it'll have a similar hit-ratio.

          Actually, I just switched from my shell hoster's systemwide spam filter (no idea what it was, but it puts X-Spam-Warning in the header) to the Bogofilter Bayesian spam filter running only in my shell account. I planned ahead and saved up over 250 spam emails (and 590 non-spam) for its first day of training. After three weeks of catching 35 and missing about 4 spams a day, it *just* marked its first legit one as spam today -- HiltonHonors assumed I wanted HTML mail and never referenced my name after the To: line. Not that HTML mail is necessarily a trigger for everyone, but it is for me.

          If your mail goes through a shell account somewhere along the way, I would definitely recommend trying it out. After using pine for so many years, I can visually scan hundreds of emails in my spam folder for known senders in less than a minute. Under a minute every few days is okay by me.
    • Re:Sigh (Score:4, Interesting)

      by m0i ( 192134 ) on Friday November 29, 2002 @09:43AM (#4779685) Homepage
      And even whitelists are not 100% reliable: new viruses/trojans may collect emails from addressbooks and send spam with the From field altered to appear like a friend of yours (likely to be in your addressbook..). Now even your friends will spam you! (or so it will seem).
      As long as there's no M(ail)T(ransport)P(rotocol) which get rid of the overly S(implistic), without true authentication of the sender, we will get spam because email is public in the first place.
      Maybe something like email cookies would be a first step in trying to establish a pseudo-authentication system.
    • Re:Sigh (Score:2, Interesting)

      by paranoos ( 612285 )
      I agree that for home users, who receive legitimate emails only from a (comparatively) small group of friends and family, would benefit the most from a whitelist filter. However, this would never work for corporations, where they might be receiving many inquiries about goods and services by email. Furthermore, these email addresses are openly published on the company website, thus making them a brighter target for spammers.

      The best filter for anybody who maintains a website would be a Bayesian filter, where the mails are analysed, with a database of words contained in spam and non-spam emails. This way, legitimate Nigerian money laundering offers would not be blocked out, while the pr0n stuff goes to /dev/null. I don't receive much email, and I would say that spam might only make up for 25-33% of all the mail I receive, so I can't yet report on the success I've been having with this method, but I am using Bogofilter, an opensource project. You can find it on SF.net [sourceforge.net]

    • "I'm pretty sure that ceaseless, unrelenting, brutal torture of known spammers would be equally effective, but is unfortunately illegal."

      ...Remember - most of these spammers base their operations out of China. So what we could do is somehow convince them to go there (offer them something they cannot refuse - a week's worth of unlimited serverfarm and bandwidth usage or something like that). Once they are there, we can inform the government that several dozen Falun Gong supporters are in country trying to incite rebellion. Then you will get your wish.
    • We handle circa 10,000 emails a day. Not a huge amount, but probably the same as many small businesses. Spam makes up for a very small amount of our mail - certainly less than 5%, and probably less than 2% of my inbox. We take no measures other than checking open relays against ORDB and known spammers against the SBL at spamhaus.

      In the last 24 hours, ordb has caught 200 attempts to connect, spamhaus has caught one.

      I suspect that by using algorithms, we can reduce our spam even further. If more ISPs were to implement spam filtering - even as an option - to the same extent as ours, a lot less would get through. If we can get the response rate from spam to drop from a quarter of one percent to maybe a tenth of that, we may start to get close to a position where spam actually becomes uneconomic. It's only by achieving that that we'll see the current volume of spam reduced.

      • Re:Sigh (Score:4, Interesting)

        by berzerke ( 319205 ) on Friday November 29, 2002 @10:57AM (#4779921) Homepage

        ...If we can get the response rate from spam to drop from a quarter of one percent to maybe a tenth of that, we may start to get close to a position where spam actually becomes uneconomic. It's only by achieving that that we'll see the current volume of spam reduced...



        I've been kicking around an idea to reduce the response rate, but don't know how to implement it properly (yet!). My idea is to setup what *APPEARS* to be an open relay. Spammer will try to send their garbage through it, but NOTHING will actually get delivered. That's gotta cut the response rate way down (to zero), plus saving a lot of inboxes. If the response rate goes low enough, it becomes uneconomical to send spam and the spammers find a new line of work.



        Anyone have any pointers for a Postfix installation?

        • Spammers confirm the functionality of open relays by sending test messages to themselves.

          You could certainly escalate the smoke and mirrors by allowing a low rate of messages from a certain IP through while killing a higher rate. But spammers would escalate right back by automating the system of sending test email to themselves.

          Besides, the true industrial grade spammers simply find connectivity that accommodates their practices instead of relying on open relays.

          On the client side, Bayesian works for me. Well past 99% accuracy classifying a wide variety of email (not just spam vs non-spam) and of the false classifications very few of those are false positives.

    • patent this idea: authoring of commercially-oriented unsolicited email specifically formatted to defeat X antispam measure (like spamassassin say).

      Another idea might be to protect spam utilities using the DMCA -- if you use it, you're not allowed to figure out how it works, and you're not allowed to circumvent its spam protection.

      Though I doubt either would work, it'd be ironic to use stupid laws for protection for a change.
    • I've personally had great success with bayesian filtering. With a training corpus of only about 1500 spams and 6000 good messages, not a single spam has made it through since running it. Fearing false positives, I'm doing all my filtering on the client. All procmail does is append a spamicity score to the message header, and the user can use that for filtering. Use of a spam folder will eliminate a totally blind false positive which would result from server side filtering. I have had a few false positives on order confirmations (which, considering that you would have already written down the order number and/or saved the html order result page, is probably spam anyway), but you're usually expecting these when they come, and can pick them out of the spam folder pretty readily.

      All this brings up a very important benefit to this database - training bayesian filters. I only have 1500 spams. Bayesian filters get more accurate with respect to the size of their training corpora, effectively topping out at around 6000 messages, so being able to download a couple thousand spams from this ftp site would greatly help me train my filter.
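
The Bayesian scoring and retraining several posters describe, as an added Python example (not Bogofilter's or SpamAssassin's code, and not from any poster). The messages are constructed, and the 0.5 threshold, Laplace smoothing and "train on your own verdict" delivery mode are assumptions chosen to show why a miss has to be re-indexed as spam.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9]{3,}")

def tokenize(text):
    """Lowercase word tokens of 3+ characters; each counts once per message."""
    return set(TOKEN_RE.findall(text.lower()))

class BayesFilter:
    def __init__(self, threshold=0.5):          # threshold is an assumption
        self.counts = {True: Counter(), False: Counter()}   # keyed by is_spam
        self.totals = {True: 0, False: 0}
        self.threshold = threshold

    def train(self, text, is_spam, weight=1):
        for tok in tokenize(text):
            self.counts[is_spam][tok] += weight
        self.totals[is_spam] += weight

    def correct(self, text, is_spam):
        """Undo a wrong automatic verdict, then index under the right class."""
        self.train(text, not is_spam, weight=-1)
        self.train(text, is_spam)

    def spamicity(self, text):
        """Probability-like score in (0, 1); tokens never seen are ignored."""
        log_odds = 0.0
        for tok in tokenize(text):
            s, h = self.counts[True][tok], self.counts[False][tok]
            if s + h == 0:
                continue
            p_spam = (s + 1) / (self.totals[True] + 2)    # Laplace smoothing
            p_ham = (h + 1) / (self.totals[False] + 2)
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-50.0, min(50.0, log_odds))        # avoid exp overflow
        return 1.0 / (1.0 + math.exp(-log_odds))

    def deliver(self, text):
        """Score, file, and index the message under the filter's own verdict."""
        score = self.spamicity(text)
        is_spam = score >= self.threshold
        self.train(text, is_spam)
        return ("spam" if is_spam else "inbox"), score

# Constructed training corpus (not real mail).
SPAM = ["Lose weight fast! Click here for a free trial offer",
        "Cheap mortgage rates, click here now, limited offer",
        "Free skin care samples, order now, satisfaction guaranteed",
        "Make money fast from home, click here, free offer"]
HAM = ["Meeting moved to Friday, please bring the filter logs",
       "Your patch for the mail server looks good, thanks",
       "Lunch on Friday? The server room move is done",
       "Please review the procmail rules before the meeting"]

def demo():
    f = BayesFilter()
    for m in SPAM:
        f.train(m, True)
    for m in HAM:
        f.train(m, False)
    known_spam = f.spamicity("Click here for your free mortgage offer")
    known_ham = f.spamicity("Please bring the procmail patch to the Friday meeting")
    # A spam with unfamiliar wording slips through and is indexed as non-spam.
    miss = "Meeting invitation: the new refinance seminar is on Friday"
    folder, _ = f.deliver(miss)
    followup = "New refinance seminar, invitation inside"
    before = f.spamicity(followup)      # the miss now vouches for its siblings
    f.correct(miss, is_spam=True)       # the "isspam folder" re-index step
    after = f.spamicity(followup)
    return known_spam, known_ham, folder, before, after

if __name__ == "__main__":
    print(demo())
```
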

    • Re:Sigh (Score:3, Informative)

      by vanyel ( 28049 )
      ...I also think that more and more, people are realizing that the only way to really effectively block spam is to use whitelists

      In the long run, I think you're right, but thank the stars for spamassassin [taint.org] in the meantime! When I first installed it, about a year ago I think, it was blocking about 8000 message/month just to me! I checked earlier today for other reasons, and found it's grown to 13,000 blocked messages in the last month adding up to 116Meg. It's just f***ing insane. Unfortunately, the 4% it lets through adds up to over 500 messages in the last month, and it did manage to block 3 real messages, but it's still worth it...

    • Whitelists dont work.

      I've determined that I have to whitelist my university's domain and my work domain since I cannot risk losing an email from either - however many spammers now forge the from address so as to appear spamming from your own domain.
  • Best of... (Score:5, Funny)

    by Shymon ( 624690 ) on Friday November 29, 2002 @09:35AM (#4779643)
    Maybe we'll get some of the more creative spammers to run a "best of spam" series. coming to a mailbox near you this holiday season.
    • by giminy ( 94188 ) on Friday November 29, 2002 @11:00AM (#4779929) Homepage Journal
      May I make a nomination:

      Date: Wed, 16 Oct 2002 13:21:29 -0700
      From: Jasjit Fok
      To: names remove to protect the innocent
      Subject: Do you hava a problem with Spam?

      * REMOVES
      JUNK EMAIL
      * BLOCKS
      ADULT CONTENT
      * STOPS UNWANTED NEWSLETTERS
      * PROTECTS
      FROM VIRUSES

      Tired of junk email? Now there is a cure!

      In just 5 minutes, you'll be getting only the email you want and you'll
      shield yourself from all unwanted junk messages. With the leading spam
      filtering software SpamCatchers, you will be able to also protect your
      family from offensive messages and save valuable business time in your
      office.

      Simply the best at stopping spam for email programs like Outlook, Outlook
      Express, Eudora, Netscape and many others, this must-have protection is
      hassle-free and secure.

      Go to SpamCatchers!

      SPAMCATCHERS IS THE LEADER!
      SpamCatchers is the most advanced and accurate content filtering software
      on the market. It will protect your legitimate email messages, and it
      updates all preinstalled filters automatically. Just install it and
      forget it!

      You will always have a clutter- and spam-free inbox! Spam email is
      quarantined in SpamCatchers' Spamviewer folder where it is later deleted
      automatically.

      SpamCatchers also:
      Monitors and filters multiple email accounts
      Lets you easily create your own personal filters
      Lets you decide which newsletters you want to receive or block
      Updates automatically its filters

      INSTALLING SPAMCATCHERS IS EASY, EVEN FOR A NOVICE COMPUTER USER!

      THIS IS OUR SPECIAL INTRODUCTORY OFFER FOR YOU:

      Put SpamCatchers to work for you - it's simply the easiest, fastest
      and most powerful way to stop annoying, intrusive and time wasting email
      messages. Order it now: starting $37. Satisfaction guaranteed!

      Click here: SpamCatchers

      Sincerely,
      SpamCatchers Ltd.

      __________________________________________________ ______________

      You received this email because you signed up at TQM-Internet's website
      or you signed up with a party that has contracted with TQM Internet
      Direct (ref # 52417). To unsubscribe click here
      www.tqm-internet.com/remove.htm. The products and/or services advertised
      in this email are the sole responsibility of the advertiser, and
      questions about this offer or its product or service content should be
      directed to the advertiser. (C) 2002 TQM-Internet, Inc. All rights
      reserved.
  • by Zayin ( 91850 ) on Friday November 29, 2002 @09:36AM (#4779653)
    I think they should just go ahead and provide a subscription email service. That way, people can get the spam right in their inbox, instead of having to download it through ftp.

  • I tried saving my spam for awhile just for giggles, but seeing that file grow to 100+ megs made me so angry I had to delete it. Currently getting ~200 spam every day, and now often they attach images so they are 100k+. Yay Internet!

    Awww. CmdrTaco [slashdot.org] has [slashdot.org] finally [slashdot.org] installed [slashdot.org] a filter [slashdot.org].

    First they get rid of Jon Katz, now CmdrTaco is filtering his emails - as soon as Timothy starts checking for dupes we'll have to start finding new ways to take the piss :o)

  • Come to think of it, the best way to detect spam messages would be to open an email account at a public provider, say hotmail, and then see if any mail that comes to your regular email account, also is sent to the fake account.

    The email to the fake account can be discarded in any case, so you don't get more junk email this way.

  • Only 200? (Score:4, Interesting)

    by nurb432 ( 527695 ) on Friday November 29, 2002 @09:44AM (#4779686) Homepage Journal
    I get that much on my PERSONAL account, and I also 'manage' spam for a 10K user base..

    Some days, ALL I get done is dealing with spam.

    Too bad we can't bill them back for my salary, and lost network resources, like we can do for un-requested faxes.

    And arrest them for sending porn without verifying a person's age. Around here, you would be either fined ( bookstore ) or arrested ( individual ) for trying such a stunt in 'real life'.

    • by mrneutron ( 61365 ) on Friday November 29, 2002 @10:03AM (#4779750)
      I also manage email for 10,000+ users. And I do a lot more than that; it simply does not take that much time if you handle things properly.

      For corporate-wide spam blocking, sendmail has some great spam filtering features via DNS Black Lists (dnsbl). I use spamhaus.org and relays.osirusoft.com.

      Add these lines to your sendmail.mc:

      FEATURE(dnsbl, `sbl.spamhaus.org', `"550 Mail from " $&{client_addr} " rejected, see http://www.spamhaus.org/"')dnl

      FEATURE(dnsbl, `relays.osirusoft.com', `"550 Mail from " $&{client_addr} " rejected, see http://relays.osirusoft.com"')dnl

      There goes 90+% of the problem. After that, spamassassin handles the 10% that trickles through quite nicely.

      If you don't use sendmail, all other modern mail relays can handle this problem in similar ways.
      • Unfortunately due to our setup I don't have as much control as is needed to really effectively manage it, thus the amount of time I spend is MUCH higher than would normally be.

        And it's not EVERY day I spend huge amounts.. but some days it gets way out of hand. Normally it's much less.

        Though personally I feel 1 minute is too much time.. it should not even be coming in the first place.

        • Then it's time to deploy the right solution.

          The time and money you invest in the short term will be repaid many times over in the long term. Spammers will send less successful spam, which is a win for all of us. You & your users will be much happier, too.
      • by __aanonl8035 ( 54911 ) on Friday November 29, 2002 @10:51AM (#4779903)
        Are you sure you investigated exactly
        what osirusoft does?
        I find it unfortunate that so many
        administrators seem to put in osirusoft
        as a blacklist without examining what it
        does. Osirusoft combines the blackhole
        listing of many many other blackhole
        listings, one of which is unfortunately,
        SPEWS. SPEWS in my opinion is
        overzealous with blacklisting and it
        is unfortunate that osirusoft includes
        them in its list. To read more about
        the problem, read this posting
        here [216.239.37.100]

        here is a relevant quote...

        ii. a grep on osirusoft - which yields about 1/2 the messages -
        but.. when there's a false positive, there's a really good chance that
        it's in this group - and of this class of false positives, there's a close
        to 100% likelihood that it's SPEWS that's given the false positive

        You can also check out antispews [antispews.org].
        • I have osirusoft set as a +2 in spamassassin, and I haven't gotten a single false positive due to it. I wouldn't suggest blocking based on osirusoft alone, but it makes a nice addition to the other spamassassin rules.
          • >>I wouldn't suggest blocking based on osirusoft alone

            osirusoft is combining many many rbl. The problem I have with it is osirusoft just seems to include every rbl they can get a hold of. SPEWS specifically seems to generate a lot of false positives. This seems to be because they will block entire netblocks, the administrators can not be contacted, the list is closed, and efforts to try to contact the administrators of the list are often futile as exemplified here [mandrakesecure.net]. It would seem to me that just using one or two "quality" rbl would be just as effective.

            Here are some relevant quotes from people posting about their SPEWS blacklisting problems.

            "Hi, we are a law firm that bought from UUnet and it seems the last owners
            of this IP block were spammer. We're not, can you please remove us."
            "Ever heard of due diligence? That's what you get for buying from UUNet,
            you'll get unlisted when they clean up all their spammers."

            "Hi, we bought from some people who turned out to have a problem with
            hosting some spammers, but we're locked into a 3 year contract. We're a
            small shop without the money for lawyers to get out of it. We're not
            spammers, could you please unblock this one piece of IP which is just us."
            "Sorry, you have to change providers. They breached your contract by
            failing to provide full internet access (since people are filtering them
            based on our listing)"
            • SPEWS specifically seems to generate a lot of false positives. This seems to be because they will block entire netblocks, the administrators can not be contacted, the list is closed, and efforts to try to contact the administrators of the list are often futile as exemplified here

              Yeah, but that's what I want for spamassassin. Statistically, as long as more than 50% of the email coming from IPs in SPEWS is spam, it should have a + weight in spamassassin. If I wanted to get fancy I could put each of the separate blacklists into spamassassin individually, and weight them accordingly. Then maybe SPEWS would only get +1 instead of being mixed in with a bunch of others and getting +2. But the way I have things set now already gives me no false positives and a high kill %. Maybe it's time for some DNS based whitelists. Then I can give them negative weights in spamassassin.
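Added example, not code from any poster or project: the difference between rejecting on a single DNSBL hit (the sendmail `dnsbl` feature earlier in this thread) and giving each list a weight (the SpamAssassin approach in the comments just above). The zone names, listed networks, the 3.0 weight and the in-memory lookup standing in for DNS are constructed; the +2 weight and the 5.0 threshold are the figures that appear on this page.

```python
import ipaddress

# Constructed zone contents using documentation address ranges, not real listings.
# A real DNSBL is queried over DNS; here each zone is a list of listed networks.
ZONES = {
    "narrow.dnsbl.example": ["192.0.2.16/28"],        # only the spammer's subnet
    "aggregate.dnsbl.example": ["192.0.2.0/24",       # listing escalated to the /24
                                "198.51.100.7/32"],
}

# Per-list weights for the scoring policy (3.0 is an assumption, 2.0 is the "+2").
WEIGHTS = {"narrow.dnsbl.example": 3.0, "aggregate.dnsbl.example": 2.0}


def query_name(ip, zone):
    """Name a mail relay looks up: the IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def listed(ip, zone):
    """Stand-in for the DNS query: True where a real zone would return an A record."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in ipaddress.ip_network(net) for net in ZONES[zone])


def hard_reject(ip, zones):
    """Blocking policy: the first listing found rejects the connection outright."""
    for zone in zones:
        if listed(ip, zone):
            return "550 Mail from %s rejected (%s)" % (ip, query_name(ip, zone))
    return None


def weighted_score(ip, weights, content_score=0.0):
    """Scoring policy: every listing adds its weight to the content-based score."""
    return content_score + sum(w for zone, w in weights.items() if listed(ip, zone))


def is_spam(ip, weights, content_score, required=5.0):
    """A message is tagged only when the combined score reaches the threshold."""
    return weighted_score(ip, weights, content_score) >= required


if __name__ == "__main__":
    neighbour = "192.0.2.200"   # innocent host that shares the /24 with the spammer
    spammer = "192.0.2.20"
    for ip, content in ((neighbour, 0.5), (spammer, 1.0)):
        print(ip, "| block policy:", hard_reject(ip, list(ZONES)),
              "| score policy:", weighted_score(ip, WEIGHTS, content),
              "spam" if is_spam(ip, WEIGHTS, content) else "ham")
```

With this data the neighbouring host is refused under the blocking policy because of the /24 listing, while the scoring policy leaves it at 2.5 and delivers it.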

        • SPEWS in my opinion is
          overzealous with blacklisting and it
          is unfortunate that osirusoft includes
          them in its list.


          SPEWS is not in the first place a list to block spammers, but to block spamfriendly ISP's. Given that goal, they're not overzealous at all. It's true this regularly results in collateral damage, but since this is the only way "regular" people can do something against spam-supporting ISP's, the users of SPEWS accept these consequences.
          • >>the users of SPEWS accept these consequences.

            It is difficult to ascertain what the majority of users of SPEWS know, but from searching through google it seems to my (albeit limited) knowledge that the users do not know the consequences.

            Part of the problem seems to be administrators subscribe to osirusoft without the knowledge of how all the various blacklists aggregated under osirusoft work. osirusoft does not state boldly and in plain language how SPEWS works.

            SPEWS has many class C's blocked when sometimes the spammer was only operating in a subnet of the class C. It does not even appear that their rationale of blocking an ISP for hosting a spammer is quite valid, because they do not block all of the IP ranges of the ISP, they just block on a class C, by class C basis. I suspect the reason for this is because it is easy to block a class C, but not a subnet (because of the way decimal notation of IP ranges works).

            It just does not seem like these mail administrators using osirusoft know that SPEWS is blocking class C's with the goal being that if enough innocent people are affected, then those innocent people will complain and get the spammer banned. Their tool for accomplishing this is blocking class C's
            • If the spammer has a subnet of a class C, most of the time they do start with blocking only the spammer. If however the ISP doesn't take any action, after a while this block is indeed expanded to the /24 in which the subnet lies. It has nothing to do with the ease of notation, it's just an escalation of the block if the ISP doesn't care about its spamming customers. I don't think they include class C's or bigger blocks from an ISP if they don't contain a single spammer. Of course, if an ISP is stupid enough to start moving around its spammers from one block to another...

              I think the reason that osirusoft.com doesn't state explicitly how SPEWS works, is that it contains so many different blocking lists that explaining how each individual one works would be a lot of work. They do link to all the blocking lists they use though, where you can get this information. Using the information without informing yourself first is asking for trouble imho.

              • >>Using the information without informing yourself first is asking for trouble imho.

                I do believe that is the heart of the matter. I do not believe that many administrators are going through the effort of checking each and every rbl that is listed in osirusoft.

                I believe that if many of these administrators knew that SPEWS policy was to escalate cases to cover entire class C ranges (whether or not all the subnets are spammers or not such as this case [zdnet.co.uk]) thereby doing what is termed collateral damage... many of those administrators would not be subscribed to osirusoft (due to SPEWS)

      • If the 10,000+ users you are talking about are individual paying customers of an ISP (you don't say in your post) then I trust you have consulted with management and customers before implementing this.

        It is massively irresponsible of an ISP to decide what email their users get. SPEWS blocks a lot of non-SPAM email through their policy of targeting ISP's, not individual spammers, meaning your customers _could_ miss out on important email.

        I'm not saying I have anything against SPEWS - they make it perfectly clear on their site that they hold an opinion and if you wish to share their opinion that's up to you; but I do have a problem with sysops that decide to go and implement this kind of blocking off their own backs without proper consultation.

        Cheers,
        PHB.
    • And arrest them for sending porn without verifying a person's age.


      I just got an idea, it might involve a fine/arrest/punishment on the person who does it. But it could be the push for starting a conversation in the media and on important news channels:

      Start printing porn spam that you get and send it in an envelope to your senator/congressman or whoever is representing you and send one to the media. It would be one way to try to get them to understand the problem. Put the porn letter in an envelope and put the envelope in a new envelope with an attachment that says that it could have been a child that opened the letter (warn them that the envelope inside contains 21+ material). One would also need to state that this is going on daily on the internet and that children also receive these kind of SPAM e-mails.

      It could also backfire and make them demand more control over the internet...
      • "It could also backfire and make them demand more control over the internet..."

        what do you mean backfire?
        more control is exactly what you're asking for.
    • Too bad we can't bill them back for my salary, and lost network resources, like we can do for un-requested faxes.

      And arrest them for sending porn without verifying a person's age. Around here, you would be either fined ( bookstore ) or arrested ( individual ) for trying such a stunt in 'real life'.


      Hmm, interesting problem: If you come to Australia, and break a law, and then go back to America, we can request to get you extradited to Australia, right (not that the American government would comply)?

      Similarly, if Australia passes a law banning some forms of spam (as we saw earlier, we would have to kick out Loser Alston first), and you send spam, using *my* resources, break *our* laws, physically in *our* country (the electrons are passing through my server that is under my desk), then can we not request extradition?

      Bring back hanging, I say.
    • What exactly do you do to manage spam for the 10K user base? Seems like whoever is paying you is wasting their money, since you can't even stop spam from coming to your own personal account.
      • Personal account is just that, not work related.

        I do block my spam from hitting my personal desktop, however I keep track of the sheer # that I get, just for reference.

        Even if I don't SEE them they are still a network resource drain.

  • I have hundreds to spare..

    Is this to provide amusement to future anthropologists and social historians?
  • As reported in Ask Slashdot [slashdot.org] (but it didn't make it to the front page), the Great Spam Archive [annexia.org] (est. about 3 years ago) has just received a threat of legal action [annexia.org] from a spammer over, of all things, copyright infringement.

    Rich.

  • This is no dupe, it's a followup on a previous story [slashdot.org]
  • Erm (Score:2, Funny)

    by Fembot ( 442827 )
    "Currently getting ~200 spam every day, and now often they attach images so they are 100k+. Yay Internet!"

    Nope that's actually what's known as a Pr0n mailing list :-)
  • by burts_here ( 529713 ) <burts_here AT fuckmicrosoft DOT com> on Friday November 29, 2002 @09:58AM (#4779730) Homepage
    They already did this once, it's located at www.hotmail.com

  • by afinn ( 467407 ) on Friday November 29, 2002 @10:04AM (#4779759) Homepage
    If people are going to use this archive to automatically induce rules for recognising junk mail (e.g. using naive bayes [nec.com] or ripper [nec.com]), then they will also need at least as many examples of legitimate mail.
    Of course it could be useful for evaluating classifiers built using smaller corpora.
  • despammed.com (Score:2, Informative)

    by neuph ( 591436 )
    Go here [despammed.com]. They provide free spam filtering and pop3 forwarding. They only put a small text advertisement at the bottom of each email..

    Now does this make EVERY email you receive spam?

    Regardless, it works. I have never received spam through their service.

  • Smarter Spammers (Score:3, Interesting)

    by akheron1 ( 604013 ) <akheron@mac.com> on Friday November 29, 2002 @10:13AM (#4779783)
    Of course a blacklist like this will be better than an algorithm for the one reason that if everyone has access to this algorithm to filter their mail, then spammers could possibly just keep sending an e-mail to themselves and having it be filtered by all of the different filter algorithms and changing it a bit each time until he/she has custom-tailored that spam to get through all of the filters.
  • Foreign spam?? (Score:3, Interesting)

    by Flamesplash ( 469287 ) on Friday November 29, 2002 @10:18AM (#4779800) Homepage Journal
    What about all the Foreign spam out there that doesn't use standard ascii like the archive seems to contain?

    Almost all of my spam is from taiwan or china and sadly enough yahoo mail doesn't provide any good way to filter this out when the messages have fake headers. If I could simply filter on something in the Received path then it would help, but all they allow you to do is the From address as far as where the message came from.
    • Re:Foreign spam?? (Score:3, Interesting)

      by PigleT ( 28894 )
      Filter on Charset headers instead?

      I was going to post my .procmailrc entry here but slashdot censored it saying "too many junk characters". So you'll have to work it out for yourself based on Content-Type headers matching

      charset="?(big5|ks_c_5601-1987|iso-2022-jp|euc-kr)"?
      instead.

      More to the point, you never want to filter based on Received: headers, unless you can safely say that e.g. *no-one* in Korea is ever going to want to contact you. Otherwise, grab the IP# listings from IANA and see what netblocks are assigned to APNIC and score them down in your mail processing rules.

      For what it's worth, I've had a lot of success using Bayesian filters to identify dodgy-charset mails - both ifile and bogofilter do a great job.
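Added example, not the poster's procmail recipe: the charset test described in the comment above, written in Python over constructed sample messages. It goes one step further than the Content-Type pattern by also reading the charset named in RFC 2047 encoded words in the Subject and From headers; all addresses and message contents are constructed.

```python
import email
from email.header import decode_header

# The charsets named in the comment above.
FLAGGED = {"big5", "ks_c_5601-1987", "iso-2022-jp", "euc-kr"}


def charsets_in(raw_message):
    """Collect every charset a message declares, lower-cased."""
    msg = email.message_from_string(raw_message)
    found = set()
    # Content-Type charset of the top level and of every MIME part.
    for part in msg.walk():
        charset = part.get_content_charset()   # handles quoting and case
        if charset:
            found.add(charset)
    # Charsets used in encoded words such as "=?euc-kr?B?...?=".
    for name in ("Subject", "From"):
        for value in msg.get_all(name, []):
            for _text, charset in decode_header(value):
                if charset:
                    found.add(charset.lower())
    return found


def flagged_charsets(raw_message):
    """Sorted list of declared charsets that are on the flagged list."""
    return sorted(charsets_in(raw_message) & FLAGGED)


def _msg(*lines):
    return "\n".join(lines)


# Constructed samples.
MULTIPART = _msg(
    "From: sender@example.invalid", "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/alternative; boundary="b1"', "",
    "--b1", 'Content-Type: text/plain; charset="BIG5"', "", "body",
    "--b1", "Content-Type: text/html; charset=us-ascii", "", "<p>body</p>",
    "--b1--", "")
ENCODED_SUBJECT = _msg(
    "From: sender@example.invalid", "Subject: =?EUC-KR?B?xde9usau?=",
    'Content-Type: text/plain; charset="us-ascii"', "", "body")
UNQUOTED = _msg(
    "From: sender@example.invalid", "Subject: constructed sample",
    "Content-Type: text/plain; charset=ISO-2022-JP", "", "body")
PLAIN = _msg(
    "From: sender@example.invalid", "Subject: t",
    'Content-Type: text/plain; charset="us-ascii"', "", "body")

if __name__ == "__main__":
    for label, raw in (("multipart", MULTIPART), ("subject", ENCODED_SUBJECT),
                       ("unquoted", UNQUOTED), ("plain", PLAIN)):
        print(label, flagged_charsets(raw))
```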
      • hehe, I repeat. I use yahoo mail. Maybe that's my problem right there.

        I did like it when I was using unix based mail and could procmail everything. *sigh*

        When/if I get a newsystem maybe I'll leave my current one up as a permanent dedicated mail client.
  • spam algorithm (Score:2, Insightful)

    by Anonymous Coward
    1. wget spamarchive
    2. grep emailaddresses spamarchive
    3. mail emailaddresses
    4. ???
    You know the rest...
    • They should encrypt all emails in their archive to ensure the archive is not used as a repository of addresses.

      A message in the archive would have the following structure :

      X-Apparently-To: SSS-PRIVATE@yahoo.com via 216.136.175.66; 08 Nov 2002 18:06:08 -0800 (PST)
      Return-Path: <SSS-PRIVATE@genial.net>
      Received: from 195.74.212.103 (EHLO wanadoo.be) (195.74.212.103) by mta509.mail.yahoo.com with SMTP; 08 Nov 2002 18:06:08 -0800 (PST)
      Received: from serv08.segi.ulg.ac.be (serv08.segi.ulg.ac.be [139.165.32.77]) by wanadoo.be (8.12.2/8.12.2) with SMTP id gA91wwGL2171186 for <SSS-PRIVATE@wanadoo.be>; Sat, 9 Nov 2002 02:58:58 +0100 (MET)
      Received: (qmail 5590 invoked by uid 504); 9 Nov 2002 02:59:18 +0100
      Received: from SSS-PRIVATE@genial.net by serv08.segi.ulg.ac.be by uid 501 with qmail-scanner-1.10 (drwebspamassassin. Clear:0. Processed in 4.216042 secs); 09 Nov 2002 01:59:18 -0000
      Received: from unknown (HELO syntime) ([139.165.199.145]) (envelope-sender <SSS-PRIVATE@genial.net>) by serv08.segi.ulg.ac.be (qmail-ldap-1.03) with SMTP for <SSS-PRIVATE@wanadoo.be>; 9 Nov 2002 02:59:14 +0100
      Message-Id: <4.1.20021109025847.00956180@pop.swing.be>
      X-Sender: SSS-PRIVATE@pop.swing.be
      X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
      Date: Sat, 09 Nov 2002 02:59:16 +0100
      To: SSS-PRIVATE@wanadoo.be
      From: "egoossens" <SSS-PRIVATE@genial.net>
      Subject: t
      Mime-Version: 1.0
      Content-Type: text/plain; charset="us-ascii"
      X-Spam-Status: No, hits=0.0 required=5.0 tests= version=2.01
      Content-Length: 3

      Where I have replaced every name before a @ with SSS-PRIVATE. What do you think ?

      I wouldn't give my spam archive if my emails privacy was not protected.

      Note this message is not a spam.
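Added example, not code from the poster or from spamarchive.org: a Python sketch of the substitution proposed in the comment above, which replaces the name before every @ with SSS-PRIVATE while leaving Message-Id style headers alone, as the sample in that comment does. The sample message, its addresses and the list of headers to keep are constructed assumptions.

```python
import re

TOKEN = "SSS-PRIVATE"
# Simplified local-part (RFC 5322 dot-atom characters), "@", then the domain.
ADDR = re.compile(r"([A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+)@([A-Za-z0-9.-]+)")
# Headers whose "x@y" values are message identifiers, not mailboxes (assumption).
KEEP = {"message-id", "references", "in-reply-to"}


def _lines(raw):
    """Yield (is_kept_header, line) for each line; body lines are never kept."""
    head, sep, body = raw.partition("\n\n")
    kept = False
    for line in head.split("\n"):
        if line[:1] not in (" ", "\t"):        # a new header, not a folded continuation
            kept = line.split(":", 1)[0].strip().lower() in KEEP
        yield kept, line
    if sep:
        yield False, ""                        # the blank line that ends the headers
        for line in body.split("\n"):
            yield False, line


def redact(raw):
    """Replace the local part of every address outside the kept headers."""
    return "\n".join(line if kept else ADDR.sub(TOKEN + r"@\2", line)
                     for kept, line in _lines(raw))


def exposed_locals(raw):
    """Local parts still present outside the kept headers; empty after redact()."""
    found = {m.group(1) for kept, line in _lines(raw) if not kept
             for m in ADDR.finditer(line)}
    return sorted(found - {TOKEN})


# Constructed sample in the shape of the message quoted above.
SAMPLE = "\n".join([
    "Return-Path: <alice.smith@mail.example>",
    "Received: from relay.example (relay.example [192.0.2.77]) by mx.example",
    "\twith SMTP id gA91wwGL for <bob@isp.example>; Sat, 9 Nov 2002 02:58:58 +0100",
    "Message-Id: <4.1.20021109025847.00956180@pop.example>",
    'From: "asmith" <alice.smith@mail.example>',
    "To: bob@isp.example",
    "Subject: t",
    "",
    "This message was sent to bob@isp.example.",
])

if __name__ == "__main__":
    print(redact(SAMPLE))
    print("still exposed:", exposed_locals(redact(SAMPLE)))
```

Display names such as "asmith" and the host names in Received lines are left untouched, so an archive that needs those hidden has to handle them separately.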
  • by anthony_dipierro ( 543308 ) on Friday November 29, 2002 @10:52AM (#4779908) Journal
    I'll be sure to report all the UUencoded mp3s that were sent to me as spam.
  • by InitZero ( 14837 ) on Friday November 29, 2002 @10:56AM (#4779918) Homepage
    > I tried saving my spam for awhile just for
    > giggles, but seeing that file grow to 100+ megs

    Geez... Tell me about it.

    I started collecting spam at the start of the
    year. Gzipped and in mbox format, it uses 435+
    meg. On November 27 alone, my spam catcher caught
    9,040 pieces (and missed dozens more) for 46 meg
    of spam.

    This just is my tiny server. My mind boggles at
    the volume of spam traveling the internet on a
    daily basis. I don't think most people understand
    the true magnitude of the problem.

    By the way, more than a week ago I offered my
    spam archive to the Spam Archive. They have yet
    to get back with me. I suspect they are
    overwhelmed by the response. They say they are
    receiving over 5,000 messages a day. I'm offering
    to send them 8k to 10k a day. If everyone who saw
    the Slashdot article forwards them spam, they
    will be underwater in a matter of weeks.

    So, folks, update your procmail scripts and
    whatnot to bounce your spam to spamarchive.org
    before deleting.

    If only Spam Archive would track contributions.
    I think it would be fun to compete to see who
    gets the most spam.

    InitZero
  • I'm assuming Rob probably does run some pretty heavy anti-spamming on his mail if he's "only" getting 200 spams/day.

    But I must give Rob credit on this - I've emailed him a couple of times about problems on /., and each time he's responded - personally, not with an auto-ack.

    Would that more admins were as responsive.

    Criticize /. for dups, gripe about spelling, whine about trolls, but stop and think about how much the /. crowd does react to the community.

    Criticize /. for dups, gripe about spelling, whine about trolls, but stop and think about how much the /. crowd does react to the community.

    Criticize /. for dups, gripe about spelling, whine about trolls, but stop and think about how much the /. crowd does react to the community. ....

  • "You have to have repeatability" in producing and testing antispam software, he said. "It's absolutely necessary for good science to get done."
    ever tried to get good science done when you didn't have repeatability? man that's tough!
  • I think someone should download the entire archive, print it all out onto "edible paper" (patent pending), and then stack it all into one giant spam sandwich. Add mustard as desired.

    Just another use for spam (jaufs)

    --

    Your sex without spam [tilegarden.com]
  • This might be very slightly offtopic, given that we're talking about a spam archive here and not about the mechanics of spam itself, but I'm curious.

    This story [cauce.org] is about someone who tried a little experiment: she wanted to see if the "click here to unsubscribe" link in most spams REALLY worked. So she tried the link and got INUNDATED with MORE spam.

    Anyone have experience with this? A friend of mine agrees--she says that hitting the "Unsubscribe" link just verifies that your address is in fact a real and active one.

    I always thought that was bullshit, because spammers don't seem to care whether addresses work or not (see The Story of Nadine [spamresource.com]). Any comments?

    --Theresa
