Spam Fighters Losing Ground

COMPUTERWORLD Security ^ | September 21, 2006 | Jeremy Kirk

[KoRn]

Where I used to get about 200 e-mails a day I am now gettng well over 400.

I setup a filter at work and it blocks around 5-6 thousand messages per day. We have one user who has over 400 spam messages per day sent to them. It has gotten far worse over the last couple of years.

[StevieJ]

The courts aren't helping the fight against spam:

http://www.spamhaus.org/legal/answer.lasso?ref=3

[mkjessup]

I still have the old address forwarded to my new address, in case my late Mom tries to email me using the only address she had.

My FRiend, may I make the gentle observation that while I'm sure your Mom is now in a far better place, I doubt seriously if that place has email service?

[ChildOfThe60s]

I have had an idea on this problem for years. It seems to me a different approach might work better. I think of it as similar to the notion that, to curtail illegal aliens, we choke off the jobs by nailing the employers.

In order for spammers to make money, there has to be somewhere for them to receive money. Now, all spammers are not Nigerians or Chinese. A lot of legitimate companies are stupid and pay bulk emailers to send out ads. If you call them, they alwasy claim that they have no control, that they only use mailers that send to "opt in" lists. Which is total bull.

For example, I had one spammer bombarding me with ads for a particular company. I called their marketing dept. and told them, getting the same line about opt in. I politely but firmly explained that I was going to sue them because it was legally their responsibility for hiring the spammer. I faxed this notice to the appropriate person (faxes now being legal documents). I asked for and received a written acknowledgement of my request.

Here is the interesting part. I stated to the marketing director that not only would I sue if I continued to get spam with their ad, I would sue if I continued to get any spam from that bulk mailer, since they had hired them in the first place.

Not only did I get a notice from the company that they were following my directions, I also received contact from the spammer stating that they would leave me alone. I called the contact at the company at that point and she told me that she had called the spammer and told him in no uncertain terms that she would fix his wagon if they didn't leave me alone.

Now, I'm sure they continued to use this spammer, but they left me alone after that.

My point is that any real & legit company that is using 3rd party outfits to spam, and claiming no responsibility, should be held legally liable for the spamming. Choke off that source of revenue to the spammer. Obviously, that is only one segment of the spam we get, but still a significant one. And I am fed up with companies knowingly using spammers and then denying any culpability or knowledge that they are doing so.

I had a run in with Columbia Records some time ago just as I described above. They cussed me out, but damned if the spamming didn't stop. Columbia was dumb enough to give me the marketing department's fax number so I could fax them my request to stop. After doing that, I posted the number in a newsgroup on spam. Suggested that those receiving Columbia spam bombard them with faxes on the subject.

Follow the money. Hit them in the pocketbook.

[cooldog]

Now *that's* an interesting technique.

I use qmail, with patches that allow Spamassassin and Clam-AV to check the mail before it gets queued. I also use RBL's from spamhaus, spamcop, and sorbs. The RBL's reject about 80% of the attempted connections, but an annoying amount of spam still makes it through.

So what server do you use, and how'd you configure it to work this way?

[StevieJ]

On postfix you can use something called postgrey:

http://isg.ee.ethz.ch/tools/postgrey/

[Kolb]

Here is my end user anti spam strategy: get yourself at least two email addresses- one preferably from a free service such as hotmail (public) and the other from your isp (private). Use only the public address when registering for accounts/ products etc. and use your private address for friends, family and business (do not publish your private email address on any websites, use the public address or create a sub account with your isp for that). This way you can disregard 99% of the email going to your public address, pick out the emails you wish to keep and dump the rest.

Use outlook, not outlook express (MS users). Outlook 2003 has some very good spam filters built in. Make sure to update outlook regularly through microsoft updates (windows update site, top bar, office family button). Set up message filtering rules in outlook for any spam that still gets through (tools drop down, rules and alerts...if subject has "viagra, money, XXX" etc. send to deleted items).

If you do not have outlook get yourself a spam filter add in, Qurb is a good example, and let it help you.

[Knitebane]

I'm using an OpenBSD firewall in front of my mail server. It uses a greylisting program called spamd. It also does something very nasty to those that send me spam.

When the remote server is in my black list, and it sends mail to me, it opens a TCP socket. My side holds it open, consuming resources on the sender. :>

Check it out here

[Knitebane]

We use Spam Bully 3. Do you know how this software looks at and decides an email is SPAM?

No idea. I've always used SpamAssassin until recently. I still do, it just doesn't have much to do.

Of course, I believe that using Windows for email is like using gasoline to pressure wash hot engines. You might get away with it for a while but sooner or later you're going to get burned.

[jwparkerjr]

A million thanks for the info!

It just sorta creeps up on you. When I was getting less than a hundred a day I figured it was more work to get filtering set up than it was to just delete the obvious spam. Then it kept creeping up and I kept adjusting to it, like the frog in the boiling water experiment from grade school.

It's gone from the ridiculous to the sublime and it's time to take some action!

Thanks for waking me up.

[jwparkerjr]

My Mom spent her last days in a very nice ALF, but because of her mental state she thought she was being held against her will and subjected to all sorts of unpleasant treatment. The only thing that kept her happy was that she had a phone in her room, a private line that didn't go through the switchboard. She was the envy of the ALF, and that's important to people at that age in that mental state. Anyway, she would call everyone in the family at least a dozen times a day, but would forget who she had called, so when you answered all you heard was her breathing and her TV in the background. When you said hello to her she would ask why you had called her. It became a family joke and we tolerated in because it was just so "her". She went through a spell where when you answered she her salutation would be "you've gotta get me out of this hell-hole." After she passed away it took us about two weeks to get everyone assembled for her memorial service which took place in the chapel of a local funeral home. The joke was that she probably had at least a dozen calls to us still floating around and it would be weeks before they got to us. During the service a door between the chapel and a small adjoining office was left open and darned if the phone didn't ring right in the middle of the service! Everyone there had the same thought, and we had a great, tears in your eyes, laugh at it. Talk about an ice-breaker.

I agree she's in a far better place, but I'm sure they have e-mail. It's heaven though because there's no spam!

[jwparkerjr]

re: But...But...WE PASSED A SPAM LAW!

Seeing how effective that law has been maybe we should pass one making it illegal to come the US without the proper papers, etc. </s>

[jwparkerjr]

re: the "Nigerian" scam

I worked for me! I'm waiting for my check to arrive any day now. It's been almost six months, but you know how slow the mail is from those foreign countries. </s>

[goldstategop]

The best reform would be to charge commercial email a set fee. Personal email would still remain free. That should cut down on spam dramatically, if those who hawk products had to pay to pitch 'em.

"Show me just what Mohammed brought that was new, and there you will find things only evil and inhuman, such as his command to spread by the sword the faith he preached." -Manuel II Paleologus

[RichardW]

I have several e-mail addresses and invariably I get these spam messages and they use all these tricks. I just delete them. However, in my opinion this is a political problem. Spammers should be put out of business permanently and either sentenced to life in federal penetentiaries or outright execution. If the politicians see this as a political problem they can act and enact strong laws that will put 99% of these clowns out of business.

But the one thing that REALLY concerns me is phishing. I nearly fell for one of those the other day after being on the computer for several hours. That was a real wake-up call.

[TechJunkYard]

My mail server gets a request from a sending host, records the IP address, then boots the email back with a 450 error.

Interesting technique. I use several blacklists and maintain my own whitelist, and I just reject them all with a 550, but some zombies will retry the transaction up to 50 times before giving up. I'll try scripting up your solution and see what happens.

[KoRn]

"The vast majority of spam comes not from real servers on the Internet, but Windows PCs that have been owned."

This is very true. I can watch my firewall processing email at any given time and many of the connecting hostnames appear to be coming from broadband internet subscribers.

"My mail server gets a request from a sending host, records the IP address, then boots the email back with a 450 error.

Very clever, sending a 'soft error' in response to an SMTP connect. That will slow things down a bit, but if a quick response isn't important in your operations that's all good.

[jwparkerjr]

I couldn't agree more! Spam has gone way beyond the nuisance stage all the way to maddening.

I am really surprised it's lasted as long, and gotten as prevalent, as it has. I guess if you send out a million messages overnight and one-tenth of one percent bites then it's a winner for the spammer. What gets me is that I will get the same pitch 10 times or more in a single day and it will go on for days on end. And then I get those that are simply gibberish, like some offbeat font or something. I'm pretty sure those are nothing more than tests to see if an email address kicks back the message. If it comes back it's no good, if not then the address gets added to their "high value" list.

My guess is it will taper off at some point. Sooner or later most people are going to realize the only ones who make anything off these 'business opportunities' are the people selling the lists.

One thing is certain though, government will never be the answer. Never is, never has been.

[pabianice]

Every day I have 12-45 new spams, almost all with no text. I guess the spammers are simply looking for good email addresses.

[pabianice]

Crap! You mean I won't be getting that $15,000,000 from the Nigerian widow? I feel so... so... used...